12-FCoE Configuration Guide

HomeSupportSwitchesS6300 SeriesConfigure & DeployConfiguration GuidesH3C S6300 Switch Series Configuration Guides-Release 243x-6W10012-FCoE Configuration Guide
Table of Contents
Related Documents
01-FCoE configuration
Title Size Download
01-FCoE configuration 1.41 MB

Contents

FCoE overview·· 1

Storage area network· 1

FC SAN· 1

FC protocol 2

Basic concepts· 2

Communication flow· 4

VSAN· 4

FC zone· 5

FCoE· 5

Basic concepts· 6

How FCoE works· 7

FCoE modes· 9

FCF mode· 9

NPV mode· 10

FCF-NPV mode· 10

Transit mode· 10

Protocols and standards· 12

FCoE configuration guidelines· 13

Installing a license· 13

Configuring the switch to operate in advanced mode or expert mode· 13

Configuring an FCoE mode· 13

FCoE features supported in different FCoE modes· 13

Configuring VFC interfaces· 15

Configuring a VFC interface· 15

Displaying and maintaining VFC interfaces· 16

Enabling FCoE· 17

FCoE enabling configuration task list 17

Enabling FCoE in a VLAN and mapping the VLAN to a VSAN· 17

Configuration restrictions and guidelines· 17

Configuration procedure· 17

Setting an FC-MAP value· 18

Setting an FC-MAP value on an FCF or NPV switch· 18

Setting an FC-MAP value on an FCF-NPV switch· 18

Setting an FKA advertisement interval value· 18

Configuration restrictions and guidelines· 19

Configuration procedure· 20

Setting the FCF priority· 20

Setting the system FCF priority· 20

Setting the VFC interface FCF priority· 21

Displaying and maintaining FCoE· 21

FCoE configuration example· 21

Network requirements· 21

Configuration procedure· 22

Configuring VSANs· 26

VSAN fundamentals· 26

Creating a VSAN· 27

Setting the operating mode for a VSAN· 28

Configuring a trunk VSAN· 28

Displaying and maintaining VSANs· 28

VSAN configuration examples· 29

Network requirements· 29

Requirements analysis· 29

Configuration procedure· 29

Verifying the configuration· 31

Building a fabric· 33

Overview· 33

Principal switch selection· 33

Domain ID assignment 34

FC address assignment 35

Fabric building configuration task list 35

Building a fabric statically· 35

Building a fabric dynamically· 36

Enabling or disabling the fabric configuration feature· 36

Enabling the fabric configuration feature· 37

Disabling the fabric configuration feature· 37

Setting a fabric name· 37

Setting the switch priority· 37

Configuring an allowed domain ID list 38

Configuring a domain ID for a switch· 38

Binding the WWN of an N_Port to an FC address· 39

Setting fabric timers· 39

Setting fabric timers in system view· 40

Setting fabric timers in VSAN view· 40

Configuring fabric reconfiguration· 40

Enabling the automatic reconfiguration feature· 41

Manually initiating a fabric reconfiguration· 41

Configuring an interface to reject incoming RCF requests· 41

Enabling SNMP notifications for the fabric or name service module· 42

Configuring RSCN aggregation· 42

RSCN· 42

RSCN aggregation· 42

Configuration procedure· 43

Configuring and obtaining FC4 information of nodes· 43

Enabling SCSI-FCP information autodiscovery· 43

Configuring the default FC4 information for a node· 44

Configuring Smart SAN· 44

Overview· 44

Configuration procedure· 45

Displaying and maintaining a fabric· 45

Fabric building configuration examples· 46

Static fabric building configuration example· 46

Dynamic fabric building configuration example· 48

Configuring FC routing and forwarding· 53

Overview· 53

Routing table and FIB table· 53

Direct routes· 54

Static routes· 55

FSPF routes· 55

Configuring static FC routes· 56

Configuration restrictions and guidelines· 56

Configuration procedure· 56

Configuring FSPF· 57

FSPF configuration task list 57

Enabling FSPF· 57

Setting the shortest SPF calculation interval 57

Setting the minimum LSR arrival interval 58

Setting the minimum LSR refresh interval 58

Setting the FSPF cost for an interface· 58

Setting the hello interval for an interface· 59

Setting the dead interval for an interface· 59

Setting the LSR retransmission interval for an interface· 59

Disabling FSPF for an interface· 60

Configuring FSPF GR· 60

Displaying and maintaining FC routing and forwarding· 61

FC routing configuration examples· 61

Static FC routing configuration example· 61

FSPF configuration example· 66

Configuring FC zones· 70

Overview· 70

Zoning mode· 70

Zone database· 70

Pairwise· 73

Zone distribution in basic zoning mode· 73

Zone distribution in enhanced zoning mode· 75

Zone merge in basic zoning mode· 76

Zone merge in enhanced zoning mode· 78

Access control 79

FC zone configuration task list 79

Configuring a zoning mode· 80

Configuring the Pairwise feature· 81

Configuring zone aliases· 81

Configuring zones· 82

Configuring zone sets· 82

Configuring a peer zone· 82

Configuring the default zone policy· 83

Setting the zone distribution and merge type· 83

Configuring a merge control mode· 84

Enabling hard zoning· 84

Overview· 84

Configuration restrictions and guidelines· 85

Configuration procedure· 85

Activating a zone set and distributing it to the entire fabric· 85

Triggering a complete distribution· 86

Renaming zone aliases, zones, and zone sets· 86

Copying zone aliases, zones, and zone sets· 87

Deleting the zone database· 87

Enabling SNMP notifications· 87

Displaying and maintaining FC zones· 88

FC zone configuration example· 88

Network requirements· 88

Requirements analysis· 89

Configuration procedure· 89

Verifying the configuration· 91

Configuring NPV· 93

Overview· 93

Downlink interface and downlink· 93

Uplink interface and uplink· 93

Downlink-to-uplink interface mappings· 94

Load balancing· 94

NPV configuration task list 94

Configuring uplink interfaces and downlink interfaces· 95

Configuring uplink interfaces· 95

Configuring downlink interfaces· 95

Configuring downlink-to-uplink interface mappings· 95

Manually initiating a disruptive load balancing process· 96

Configuring automatic load balancing· 96

Displaying and maintaining NPV· 97

NPV configuration example· 97

Network requirements· 97

Configuration procedure· 97

Verifying the configuration· 100

Configuring FIP snooping· 102

Overview· 102

FIP snooping network diagram·· 102

How FIP snooping works· 102

FIP snooping configuration task list 103

Enabling FIP snooping· 104

Setting the operating mode of an Ethernet interface· 104

Setting the FC-MAP value for a VLAN· 104

Displaying and maintaining FIP snooping· 105

FIP snooping configuration example· 105

Network requirements· 105

Configuration procedure· 105

Verifying the configuration· 107

Configuring port security· 109

Overview· 109

Control scope· 109

Port security database· 109

Authorization checks· 110

Port security configuration task list 111

Enabling port security· 111

Configuring binding entries· 111

Enabling auto learning· 112

Converting learned entries to static entries· 112

Enabling SNMP notifications for port security· 112

Displaying and maintaining port security· 113

Port security configuration example· 113

Configuring FCS· 118

Overview· 118

Starting a topology discovery· 120

Stopping a topology discovery· 120

Displaying and maintaining FCS· 121

FCS configuration example· 121

Network requirements· 121

Configuration procedure· 121

Verifying the configuration· 122

Configuring FDMI 125

Overview· 125

Displaying and maintaining FDMI 128

Configuring FC ping· 129

Overview· 129

Configuration procedure· 129

FC ping configuration examples· 129

Network requirements· 129

Configuration procedure· 129

Verifying the configuration· 132

Configuring FC tracert 133

Overview· 133

Configuration procedure· 134

FC tracert configuration examples· 134

Network requirements· 134

Configuration procedure· 134

Verifying the configuration· 139

Comprehensive FCoE configuration examples· 140

FCoE configuration example (in standalone mode) 140

Network requirements· 140

Requirements analysis· 141

Configuration procedures· 142

Verifying the configuration· 150

FCoE configuration example (in IRF mode) 152

Network requirements· 152

Requirements analysis· 153

Configuration procedures· 154

Verifying the configuration· 166

Appendixes· 170

Appendix A Fabric address assignment 170

Appendix B Well-known fabric addresses· 170

 


FCoE overview

Fibre Channel (FC) is a data transmission protocol used in a storage area network (SAN). Fibre Channel over Ethernet (FCoE) transports FC over Ethernet. The following sections describe FC and FCoE.

Storage area network

A SAN is any high-performance network whose primary purpose is to enable storage devices to communicate with computer systems and with each other.

A SAN enables the universal connectivity of servers and disk devices. Compared to the conventional client/server computer system, a SAN delivers the following benefits:

·           Allows the servers to share data and directly access data created by one another without having to copy it.

·           Improves storage scalability.

·           Centralizes the management of data backup, access, and security.

Most SANs use Fibre Channel (FC) or Ethernet to interconnect devices. An FC SAN uses the FC protocol suite for communication, and an Ethernet SAN uses the TCP/IP protocol suite for communication.

This document covers only the FC SAN.

FC SAN

Figure 1 shows three FC SAN networking methods. The first two networking methods are simple and can connect only a limited number of devices.

·           The point-to-point connection directly connects a server and a disk device.

·           The arbitrated loop supports up to 126 devices.

·           The switched fabric connects servers and disk devices to an FC switched fabric. In a switched fabric, the servers and disk devices are called nodes. A fabric uses 24-bit addressing and supports thousands of devices.

Figure 1 FC SAN networking

 

 

 

NOTE:

·       An FC SAN refers to a network that includes FC switches and nodes.

·       A fabric refers to a transmission network that includes FC switches.

 

FC protocol

The servers, FC switches, and disk devices in an FC SAN must all support FC.

Basic concepts

WWN

The world wide name (WWN) is a 64-bit address that identifies a fabric or an entity (such as an FC switch, node, or port) in an FC SAN. The upper-layer protocol of FC uses WWNs for communication. Each entity has a factory-assigned globally unique WWN.

FC address

The FC protocol accesses communication entities in an FC SAN through FC addresses. An FC address is also known as an FC ID.

Figure 2 shows the structure of an FC address. The FC address is 24 bits long and contains the following 8-bit fields:

·           Domain_IDA domain represents a switch and all N_Ports connected to the switch. For more information about N_Ports, see "Port modes." A domain ID, which is in the range of 1 to 239, uniquely identifies an FC switch. Different FC switches in the same fabric have different domain IDs.

·           Area_IDOne or more N_Ports on the same node can be assigned to an area, which is identified by an area ID.

·           Port_IDThe Port_ID field identifies an N_Port.

Figure 2 Structure of an FC address

 

An FC address can uniquely identify an N_Port on a node. Different N_Ports on the same node have different FC addresses. FC switches use domain IDs to route messages between each other.

The FC protocol standardizes the FC address usage. For more information, see "Appendixes."

Port modes

In a switched fabric, nodes and FC switches communicate through interfaces operating in different modes.

Figure 3 Port modes

 

A node supports the following port modes:

·           N_Port—Directly connects to a fabric.

·           NL_Port—Connects to a fabric through an arbitrated loop.

An FC switch provides the following port modes:

·           E_Port—Connects to an E_Port on another FC switch.

·           F_Port—Connects to an N_Port on a node or an NP_Port on another FC switch.

·           G_Port—Operates in auto mode to negotiate the operating mode with its peer.

?  If the peer is an E_Port, the G_Port works as an E_Port.

?  If the peer is an N_Port or NP_Port, the G_Port works as an F_Port.

?  If both ends are G_Ports, they both work as E_Ports.

?  If the peer is an F_Port, the negotiation fails.

·           NP_Port—Connects to an F_Port on another FC switch. For more information about NP_Port, see "Configuring NPV."

E_Ports connect FC switches to form a fabric, and F_Ports connect the nodes to FC switches in the fabric.

Communication flow

FC switches provide data transmission services. Through FC switches, a server sends instructions and data to disk devices and reads data from disk devices.

Figure 4 FC SAN communication model

 

The following takes a server accessing a disk device as an example to see how data communication occurs in an FC SAN.

1.      The server and the disk device send fabric login (FLOGI) packets to register with the FC switches. Then, the FC switches assign FC addresses to their directly-connected nodes.

A FLOGI packet contains information that includes the port WWN, node WWN, and the expected FC address.

2.      The registered server and disk device send name service registration requests to their respective access FC switches to register name service information, including FC4 information. Finally, each FC switch in the fabric stores the name service information for all nodes. For more information about FC4 information, see "Configuring and obtaining FC4 information of nodes."

3.      The server sends a name service query request to its access FC switch to obtain the list of disk devices in the fabric and their WWNs and FC addresses.

4.      The server sends an FC frame destined to the FC address to its access FC switch.

5.      The access FC switch queries its FIB table and forwards the FC frame to the next-hop FC switch.

6.      The next-hop FC switch forwards the FC frame in the same way, until the FC switch at the last hop forwards the FC frame to the destination disk device.

 

 

NOTE:

A FIB table is generated by the FC switch through calculation based on the FC routing protocol or configured static routes.

 

VSAN

In actual applications, the data is insecure if the data of all users is transmitted in the same FC SAN. You can divide one physical FC SAN into multiple virtual storage area networks (VSANs). VSANs are separated from one another and provide independent services. This enhances adaptability and security of the network and offers more effective services for users. For more information about VSANs, see "Configuring VSANs."

FC zone

The VSAN feature divides one physical SAN into multiple logical SANs. A VSAN, however, cannot perform access control over the servers and disk devices (or the N_Ports) connected to a fabric. N_Ports in the same VSAN can access one another only if these N_Ports register name services. This creates data security risks.

Zoning can solve the preceding problem by dividing a VSAN into zones and adding N_Ports to different zones for different purposes. N_Ports in different zones are separated to implement access control.

For more information about FC zones, see "Configuring FC zones."

FCoE

A data center using the FC SAN technique typically includes separate local area networks (LANs) and SANs. LANs carry traditional Ethernet/IP services, and SANs carry network storage services.

To provide services for LANs and use SANs for storage simultaneously in a traditional network, the servers must use independent Ethernet adapters and FC adapters. In addition, the IP switches and the FC switches are also independent and have independent network connections. Such a network needs many switches, network adapters, and cables, and it brings high investments and maintenance costs and low scalability.

FCoE was introduced to solve this problem. FCoE transports FC over Ethernet. In an FCoE solution:

·           The server uses an FCoE-capable Ethernet adapter.

·           The FCoE switch (FCoE forwarder) integrates the functions of both the traditional IP switch and FC switch.

FCoE reduces the number of network adapters, switches, and cables, and the network operation and maintenance workload. In all, FCoE reduces the total cost.

Figure 5 FCoE for I/O consolidation

 

As shown in Figure 5:

·           In the traditional network, the server is connected to the LAN through an Ethernet interface and to the SAN through an FC interface.

·           In the FCoE network, the server is connected to the FCoE-capable FCF switch. Then, the FCF switch is connected to the LAN through an Ethernet interface and to the SAN through a VFC interface. The link between the server and the FCF switch can transmit both Ethernet packets and FC frames.

Basic concepts

As shown in Figure 6, the link between the FCF switch and the ENode can receive and send both Ethernet frames and FC frames. ENodes can transport FC over Ethernet. ENodes include servers and disk devices.

Figure 6 FCoE network diagram

 

VFC interface and VN interface

A virtual Fibre Channel (VFC) interface is a logical interface manually created on an FCF switch to simulate the functionality of a physical FC interface.

To use a VFC interface, bind it to a physical Ethernet interface.

You can connect either an ENode or an FCF switch to a VFC interface.

VFC interfaces support E mode, F mode (default), and NP mode.

The virtual node (VN) interface is a logical interface on an ENode to simulate the functionality of a physical FC interface.

FIP protocol

FCoE initialization protocol (FIP) is an FCoE control protocol that establishes and maintains virtual links.

FIP establishes a virtual link between the VFC interface of an FCF switch and either of the following:

·           The VN interface of an ENode.

·           The VFC interface of another FCF switch.

The virtual links provide a physical infrastructure for transmitting FC frames over Ethernet.

FCoE frames

To transmit an FC frame over Ethernet, FCoE encapsulates the FC frame in an FCoE frame by adding an Ethernet frame header to the FC frame.

An FCoE frame uses Ethernet II encapsulation, which has the following fields in the Ethernet header:

·           EtherType 0x8906.

·           Destination MAC address/source MAC address—The definitions of this field are different for switches and nodes.

?  For a switch, it is the FCoE MAC address of the switch (which can be displayed by using the display fcoe command).

?  For a node, it is the fabric provided MAC address (FPMA) of the node. As shown in Figure 7, an FPMA is composed of the following elements:

-       The FC-MAP as the 24 most significant bits.

-       The FC ID of the VN interface as the 24 least significant bits.

The FC-MAP takes the value of the switch FC-MAP, 0x0EFC00 by default and configurable by using the fcoe fcmap command.

Figure 7 FPMA composition

 

How FCoE works

This section describes how FCoE works on the FCF switch (rather than the ENode).

Figure 8 Block diagrams of the ENode and the FCF switch

 

Procedure for receiving and sending FC frames over Ethernet

An FC frame is transmitted over Ethernet using the following workflow:

1.      FIP establishes a virtual link between the VFC interface of the FCF switch and one of the following interfaces:

?  A VN interface of an ENode.

?  A VFC interface of another FCF switch.

2.      After the virtual link is established, the FCF switch encapsulates the FC frame in an FCoE frame and sends it out.

3.      After receiving the FCoE frame, the FCF switch removes its Ethernet header to send the original FC frame to the upper layer for processing.

How FIP works

FIP establishes and maintains virtual links between a VFC interface and a VN interface or between VFC interfaces.

FIP uses Discovery Solicitation packets and Discovery Advertisement packets. Discovery Advertisement packets include the following types:

·           Solicited Discovery AdvertisementA reply for a Discovery Solicitation.

·           Unsolicited Discovery AdvertisementPeriodically sent to advertise the presence of a virtual link or maintain an existing virtual link.

The following example shows how a virtual link is established between an FCF switch and an ENode.

Figure 9 FIP operation

 

As shown in Figure 9, the following workflow is used to establish a virtual link:

1.      The ENode sends a Discovery Solicitation containing its FCoE MAC address.

2.      After receiving the Discovery Solicitation, the FCF switch acts differently depending on whether the receiving VFC interface is bound to an FCoE MAC address.

?  If it is not bound to an FCoE MAC address, the switch learns the FCoE MAC address and replies with a solicited Discovery Advertisement. The fcf priority field of the solicited Discovery Advertisement transports the FCF priority of the VFC interface.

?  If it is bound to an FCoE MAC address, the switch identifies whether the FCoE MAC address carried in the Discovery Solicitation matches the bound FCoE MAC address.

-       If they match, the switch replies with a solicited Discovery Advertisement, whose fcf priority field carries the FCF priority of the VFC interface.

-       If they do not match, the switch discards the Discovery Solicitation.

3.      The FCF switch periodically sends unsolicited Discovery Advertisements, whose fcf priority field carries the FCF priority of the system.

The sending interval is specified by using the fcoe fka-adv-period command and defaults to 8 seconds.

4.      After receiving the Discovery Advertisements, the ENode determines the FCF switch with the highest priority according to the fcf priority field. Then, the ENode sends a FLOGI request to that switch for login.

5.      After receiving the FLOGI request, the FCF switch identifies whether the source MAC address matches its learned or bound FCoE MAC address.

?  If they match, the FCF switch sends a FLOGI LS_ACC, which indicates the establishment of the virtual link.

?  If they do not match, the FCF switch discards the FLOGI request.

6.      The FCF switch also periodically sends unsolicited Discovery Advertisements to maintain established virtual links. If the ENode fails to receive an unsolicited Discovery Advertisement within a period 2.5 times the FKA advertisement, it deletes the virtual link.

FCoE modes

An FCoE-capable switch can operate in non-FCoE mode or in one of the following FCoE modes:

·           FCF mode—When the switch operates in this mode, it is an FCF switch and supports E_Ports and F_Ports. An FCF switch can connect to the following elements:

?  An E_Port on another FCF switch through its E_Port.

?  An N_Port or NP_Port through its F_Port.

·           NPV mode—When the switch operates in this mode, it is an NPV switch and supports F_Ports and NP_Ports. An NPV switch can connect to the following elements:

?  An N_Port or NP_Port through its F_Port.

?  An F_Port through its NP_Port.

·           FCF-NPV mode—When the switch operates in this mode, it is an FCF-NPV switch. A VSAN on an FCF-NPV switch can operate in either of the following modes:

?  FCF mode—When a VSAN operates in this mode, the VSAN acts as an FCF switch.

?  NPV mode—When a VSAN operates in this mode, the VSAN acts as an NPV switch.

·           Transit mode—When the switch operates in this mode, it is a Transit switch.

You can configure Ethernet interfaces on a Transit switch to operate in ENode or FCF mode. The ENode mode allows an Ethernet interface to receive traffic from only an ENode. The FCF mode allows an Ethernet interface to receive traffic from only an FCF switch.

FCF mode

An FCF switch encapsulates FC frames in Ethernet frames and uses FCoE virtual links to simulate physical FC links. In this way, an FCF switch provides standard FC switching capabilities and features on a lossless Ethernet network.

Figure 10 FCF network diagram

 

In an FCoE environment as shown in Figure 10, an FCF switch can perform the following operations:

·           Connect to an Ethernet switch through an Ethernet interface.

·           Connect to an ENode or FCF switch through a VFC interface. In this case, an FCoE virtual link is established between the Ethernet interfaces of the two devices. The FCoE virtual link provides communication over a lossless Ethernet network. The peer end of the FCoE virtual link can be a VN interface or a VFC interface.

Each FCF switch is assigned a domain ID. Each FC SAN supports a maximum number of 239 domain IDs, so an FC SAN cannot have more than 239 switches.

NPV mode

An FC SAN needs a large number of edge switches that are connected directly to nodes. NPV switches are developed to expand the number of switches in an FC SAN.

Figure 11 NPV network diagram

 

As shown in Figure 11, the NPV switch resides between nodes and the core switch on the edge of the fabric. The core switch is a switch operating in FCF mode. The NPV switch is connected to the nodes through its F_Ports and to the core switch through its NP_Port. The NPV switch forwards traffic from its connected nodes to the core switch.

The NPV switch appears as an FCF switch to nodes and as a node to the core switch.

For more information about NPV, see "Configuring NPV."

FCF-NPV mode

A VSAN on an FCF-NPV switch can operate in either of the following modes:

·           FCF mode—When a VSAN operates in this mode, the VSAN acts as an FCF switch. For application scenarios of FCF switches, see "FCF mode."

·           NPV mode—When a VSAN operates in this mode, the VSAN acts as an NPV switch. For application scenarios of NPV switches, see "NPV mode."

Transit mode

FCoE supports FC SANs built on lossless Ethernet networks, and allows Transit switches to be added between FCF switches and ENodes. Figure 12 shows a scenario where ENodes are connected to FCF switches through a Transit switch.

Figure 12 Transit network diagram

 

Ethernet interfaces on a Transit switch can operate in ENode mode or FCF mode.

·           An Ethernet interface connected to an ENode must be configured to operate in ENode mode.

·           An Ethernet interface connected to an FCF switch must be configured to operate in FCF mode.

When Transit switches are interconnected, you must configure Ethernet interfaces to operate in the correct modes. As shown in Figure 13, ENode 2 can register with only FCF switch 2. To register ENode 2 with FCF switch 1, you must swap the operating modes of the Ethernet interfaces that connect the two Transit switches.

Figure 13 Transit cascading network diagram

 

Figure 14 shows a network scenario where both Transit and NPV switches are present.

Figure 14 Network diagram for NPV and Transit switches

 

The primary responsibilities of Transit switches are filtering and forwarding FCoE protocol packets. They can recognize and control FCoE frames as compared to standard Ethernet switches. However, they do not provide FCoE traffic processing capabilities as complex as FCF switches or NPV switches.

Protocols and standards

·           FC-FS-3, Fibre Channel - Framing and Signaling - 3

·           FC-SW-5, Fibre Channel - Switch Fabric - 5

·           FC-LS-2, Fibre Channel - Link Services - 2

·           FC-GS-6, Fibre Channel - Generic Services - 6

·           FC-BB-5, Fibre Channel - Back Bone – 5

 


FCoE configuration guidelines

Installing a license

To use FCoE, you must install a valid license. For more information about licenses, see Fundamentals Configuration Guide.

Configuring the switch to operate in advanced mode or expert mode

The switch supports FCoE only when it is operating in advanced mode or expert mode. For more information about system operating modes, see Fundamentals Configuration Guide.

The switch supports FCoE over S-channel only when it is operating in expert mode. FCoE over S-channel allows you bind a VFC interface to an S-channel interface (see FCoE Command Reference).

Configuring an FCoE mode

An FCoE-capable switch can operate in non-FCoE mode or in one of the four FCoE modes (FCF, NPV, FCF-NPV, or Transit).

To configure a switch operating in one FCoE mode to operate in another FCoE mode, perform the following tasks:

1.      Configure the switch to operate in non-FCoE mode.

2.      Configure the switch to operate in the target FCoE mode.

After you configure the switch to operate in non-FCoE mode, FCoE-related configurations in the original FCoE mode are cleared.

To configure an FCoE mode for a switch:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Configure an FCoE mode for the switch.

fcoe-mode { fcf | fcf-npv | npv | transit }

By default, a switch operates in non-FCoE mode.

Before configuring FCoE features on a switch, you must configure an FCoE mode for the switch.

3.      Display an FCoE mode of the switch.

display fcoe-mode

Available in any view.

 

FCoE features supported in different FCoE modes

Switches operating in different FCoE modes support different FCoE features, as shown in Table 1.

For an FCF-NPV switch, follow these guidelines:

·           When a VSAN on the switch operates in FCF mode, the VSAN supports the same FCoE features as an FCF switch.

·           When a VSAN on the switch operates in NPV mode, the VSAN supports the same FCoE features as an NPV switch.

Table 1 FCoE features supported in different FCoE modes

FCoE feature

FCF switch

FCF-NPV switch (FCF mode)

NPV switch

FCF-NPV switch (NPV mode)

Transit switch

Configuring VFC interfaces

Supported.

Supported.

Not supported.

Enabling FCoE

Supported.

Supported.

Not supported.

Configuring VSANs

Supported.

Supported.

Not supported.

Building a fabric

Supported.

Only the Setting fabric timers feature is supported.

Not supported.

Configuring FC routing and forwarding

Supported.

Only the following features are supported:

·          Displaying FC routing table information.

·          Displaying FC FIB table information.

·          Display FC Exchange table information.

Not supported.

Configuring FC zones

Supported.

Not supported.

Not supported.

Configuring NPV

Not supported.

Supported.

Not supported.

Configuring FIP snooping

Not supported.

Not supported.

Supported.

Configuring port security

Supported.

Not supported.

Not supported.

Configuring FCS

Supported.

Not supported.

Not supported.

Configuring FDMI

Supported.

Not supported.

Not supported.

Configuring FC ping

Supported.

Not supported.

Not supported.

Configuring FC tracert

Supported.

Not supported.

Not supported.

 

 


Configuring VFC interfaces

A VFC interface can connect to an ENode or a switch. A VFC interface is a virtual logical interface. It implements the functionality of an FC interface. To make a VFC interface work, bind it to a physical Ethernet interface. The switch encapsulates the FC frames on the VFC interface in FCoE frames and transmits the frames over the Ethernet link.

To avoid FCoE packet loss in the Ethernet, you must perform the following tasks on the Ethernet interface bound to the VFC interface:

·           Configure data center bridging exchange (DCBX), priority-based flow control (PFC) in auto mode, and enhanced transmission selection (ETS) on the Ethernet interfaces that connect the switch to servers.

·           Configure DCBX and PFC in auto mode on the Ethernet interfaces that connect the switch to disk devices.

·           Forcibly enable PFC on the Ethernet interfaces that connect the switch to other switches.

For more information about DCBX, PFC, and ETS, see Layer 2—LAN Switching Configuration Guide.

Configuring a VFC interface

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Create a VFC interface and enter its view.

interface vfc interface-number

N/A

3.      Configure the VFC interface mode.

fc mode { e | f | np }

By default, a VFC interface operates in F mode.

·          An FCF supports E and F modes.

·          An NPV switch supports F and NP modes.

·          An FCF-NPV switch supports E, F, and NP modes.

4.      Bind the VFC interface to the specified Ethernet interface.

bind interface interface-type interface-number [ mac mac-address ]

By default, no Ethernet interface is bound to a VFC interface.

The VFC interface sends and receives packets through the Ethernet interface bound to it.

5.      Assign the VFC interface to the specified VSAN as a trunk port.

port trunk vsan vsan-id

By default, a VFC interface does not belong to any VSAN as a trunk port.

6.      (Optional.) Configure a description for the VFC interface.

description text

By default, the description of an interface is interface name Interface, for example, Vfc1 Interface.

7.      (Optional.) Configure the expected bandwidth of the VFC interface.

bandwidth bandwidth-value

By default, the expected bandwidth (in kbps) is the interface baud rate divided by 1000.

The default baud rate of a VFC interface is 10 Gbps.

8.      (Optional.) Restore the default settings for the VFC interface.

default

N/A

9.      Bring up the VFC interface.

undo shutdown

By default, a VFC interface is up.

 

Displaying and maintaining VFC interfaces

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display VFC interface information.

display interface [ vfc ] [ brief [ down ] ]

display interface [ vfc [ interface-number ] ] [ brief [ description ]

Clear statistics for VFC interfaces.

reset counters interface [ vfc [ number ] ]

 

 


Enabling FCoE

To make the FCoE features operate correctly, you must enable FCoE.

FCoE enabling configuration task list

Tasks at a glance

(Required.) Enabling FCoE in a VLAN and mapping the VLAN to a VSAN

(Optional.) Setting an FC-MAP value

(Optional.) Setting an FKA advertisement interval value

(Optional.) Setting the FCF priority

 

Enabling FCoE in a VLAN and mapping the VLAN to a VSAN

When you use a VFC interface to transmit packets, the Ethernet interface bound to the VFC interface might allow multiple VLANs. You must enable FCoE in one of these VLANs and map a VSAN to the VLAN. Then, the packets from the VSAN are tagged with the VLAN tag and transmitted within the VLAN.

After you enable FCoE in a VLAN, the following changes occur on the VLAN:

·           An FCoE-capable VLAN allows only FCoE traffic.

·           All member ports in an FCoE-capable VLAN are isolated and will not form loops. For this reason, you do not need to enable STP or other loop detection protocols in an FCoE-capable VLAN. Otherwise, FCoE links might be blocked.

·           A Layer 2 protocol enabled in the FCoE-capable VLAN runs based on the topology where all member ports in the VLAN are isolated at Layer 2.

Configuration restrictions and guidelines

When you configure this feature, follow these restrictions and guidelines:

·           FCoE cannot be enabled in VLAN 1.

·           Do not configure this feature in a reserved VLAN. If you configure this feature in a reserved VLAN, the VFC interfaces assigned to the mapped VSAN as trunk ports cannot come up. For more information about reserved VLANs, see Layer 2—LAN Switching Command Reference.

·           VSANs are mapped to VLANs on a one-to-one basis.

·           When you use a VFC interface to transmit packets, you must enable FCoE in the same VLAN and map this VLAN to the same VSAN at the two ends.

·           Make sure the Ethernet interface bound to the VFC interface allows the FCoE-capable VLAN.

Configuration procedure

To enable FCoE in a VLAN and map the VLAN to a VSAN:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VLAN view.

vlan vlan-id

N/A

3.      Enable FCoE in the VLAN and map the VLAN to a VSAN.

fcoe enable [ vsan vsan-id ]

By default, FCoE is disabled in a VLAN.

Make sure the VSAN to be mapped has been created.

 

Setting an FC-MAP value

An FC-MAP value identifies an FCoE network. Switches in the same FCoE network must have the same FC-MAP value.

After an FC-MAP value is set, VFC interfaces perform a FIP renegotiation. The same FC-MAP value is required for two VFC interfaces to negotiate successfully.

On FCF or NPV switches, you can set an FC-MAP value only in system view. On FCF-NPV switches, you can set an FC-MAP value only in VLAN view.

Setting an FC-MAP value on an FCF or NPV switch

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Set an FC-MAP value.

fcoe fcmap fc-map

The default setting is 0x0EFC00.

 

Setting an FC-MAP value on an FCF-NPV switch

To set an FC-MAP value on an FCF-NPV switch:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VLAN view.

vlan vlan-id

N/A

3.      Set an FC-MAP value.

fcoe fcmap fc-map

The default setting is 0x0EFC00.

 

Setting an FKA advertisement interval value

The FKA advertisement interval determines the length of time it takes for the switch to detect the disconnection of a virtual link.

A switch uses the following process to maintain the virtual link established with a peer switch:

1.      The switch sends unsolicited Discovery Advertisements at the FKA advertisement interval out of its VFC interfaces operating in E mode.

The FKA advertisement interval value is carried in unsolicited Discovery Advertisements.

2.      After receiving an unsolicited Discovery Advertisement, the peer switch maintains the status of the virtual link and records the FKA advertisement interval value.

If the peer switch fails to receive an unsolicited Discovery Advertisement within 2.5 FKA advertisement intervals, it deletes the virtual link.

A switch uses the following process to maintain the virtual link established with a peer ENode:

1.      The switch sends unsolicited Discovery Advertisements at the FKA advertisement interval out of its VFC interfaces operating in F mode.

The FKA advertisement interval value is carried in unsolicited Discovery Advertisements.

2.      After receiving an unsolicited Discovery Advertisement, the peer ENode maintains the status of the virtual link and records the FKA advertisement interval value.

If the peer ENode fails to receive an unsolicited Discovery Advertisement within 2.5 FKA advertisement intervals, it deletes the virtual link.

In addition, the ENode sends keepalive frames to the switch every FKA advertisement interval value. This value is obtained from unsolicited Discovery Advertisements received from the switch. After receiving a keepalive frame, the switch maintains the status of the virtual link. If the switch fails to receive a keepalive frame within 2.5 FKA advertisement intervals, it deletes the virtual link.

Configuration restrictions and guidelines

When setting an FKA advertisement interval value on an FCF or NPV switch, use Table 2 as a reference to avoid service disruption.

Table 2 Recommended values for different application scenarios

Recommended value

Application scenarios

Remarks

Less than 90 seconds

Connected to servers, storage devices, or third-party switches.

According to FC-BB-5, the upper limit of the FKA advertisement interval value is 90 seconds. In this scenario, an FCF switch or NPV switch operating in standalone mode or in IRF mode but without subordinate switches will experience FCoE traffic disruption during an ISSU reboot for the following reasons:

·          The ISSU reboot takes more than 225 (2.5*90) seconds.

·          The peer deletes the virtual link for failing to receive unsolicited Discovery Advertisements within 225 seconds.

You must also adjust the FKA advertisement interval value on the upstream FCF switch to ensure service continuity in the following cases:

·          Active/standby switchover on an NPV switch .

·          ISSU reboot on an IRF member NPV switch with subordinate switches.

You must do that for the following reasons:

·          The FKA advertisement interval value configured on the NPV switch affects only its VFC interfaces in F mode and connected ENodes.

·          Its VFC interfaces in NP mode use the FKA advertisement interval value learned from the upstream FCF switch.

60–90 seconds

Active/standby switchover on the switch takes more than 2.5 x 60 seconds because of the amount of FCoE configuration.

ISSU reboot on an IRF member switch with subordinate switches takes more than 2.5 x 60 seconds because of the amount of FCoE configuration.

For more information about ISSU, see Fundamentals Configuration Guide.

300–600 seconds

ISSU reboot on a switch operating in standalone mode or in IRF mode but without subordinate switches and connecting to no nodes.

During an ISSU reboot on a switch operating in standalone mode or in IRF mode but without subordinate switches, the switch cannot send unsolicited Discovery Advertisements or keepalive frames.

 

Configuration procedure

On FCF or NPV switches, you can set the FKA advertisement interval value only in system view. On FCF-NPV switches, you can set the FKA advertisement interval value only in VLAN view.

Setting an FKA advertisement interval value on an FCF or NPV switch

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Set an FKA advertisement interval value.

fcoe fka-adv-period fka-adv-period

The default setting is 8 seconds.

 

Setting an FKA advertisement interval value on an FCF-NPV switch

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VLAN view.

vlan vlan-id

N/A

3.      Set an FKA advertisement interval value.

fcoe fka-adv-period fka-adv-period

The default setting is 8 seconds.

 

Setting the FCF priority

The FCF priority includes the system FCF priority and the VFC interface FCF priority.

·           System FCF priorityThe system FCF priority is used in the fcf priority field in a solicited Discovery Advertisement.

·           VFC interface FCF priorityThe VFC interface FCF priority is used in the fcf priority field in an unsolicited Discovery Advertisement.

An ENode selects the FCF switch with the highest priority from the FCF switches sending Discovery Advertisements and sends a FLOGI request to the FCF switch for login.

The FCF priority takes effect only on VFC interfaces operating in F mode. You can configure the FCF priority for a VFC interface operating in E mode. However, the configuration does not take effect.

Setting the system FCF priority

On FCF or NPV switches, you can set the system FCF priority only in system view. On FCF-NPV switches, you can set the system FCF priority only in VLAN view.

Setting the system FCF priority on an FCF or NPV switch

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Set the system FCF priority.

fcoe global fcf-priority priority

The default setting is 128.

The setting takes effect on all VFC interfaces operating in F mode.

 

Setting the system FCF priority on an FCF-NPV switch

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VLAN view.

vlan vlan-id

N/A

3.      Set the system FCF priority.

fcoe global fcf-priority priority

The default setting is 128.

The setting takes effect on all VFC interfaces operating in F mode in the VLAN.

 

Setting the VFC interface FCF priority

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VFC interface view.

interface vfc interface-number

N/A

3.      Set the FCF priority for the VFC interface.

fcoe fcf-priority priority

The default setting is 128.

 

Displaying and maintaining FCoE

Execute display commands in any view.

 

Task

Command

Remarks

Display global FCoE configuration.

display fcoe

This command is supported only on FCF and NPV switches.

Display the FCoE configuration in a VLAN.

display fcoe vlan vlan-id

This command is supported only on FCF-NPV switches.

 

FCoE configuration example

Network requirements

As shown in Figure 15, use FCoE in a data center that combines a LAN and a SAN to reduce the number of devices, network adapters, and cables.

Figure 15 Network diagram

 

Configuration procedure

Configure Switch A as follows:

1.      Enable the advanced mode:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode AdvancedBridge

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchA] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchA] quit

# Reboot the switch.

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

2.      Configure VLANs and interfaces:

# Create VLAN 10 and VLAN 20, which are intended to transmit Ethernet data traffic and storage traffic, respectively.

<SwitchA> system-view

[SwitchA] vlan 10

[SwitchA-vlan10] quit

[SwitchA] vlan 20

[SwitchA-vlan20] quit

# Configure Ten-GigabitEthernet 1/0/1 as a hybrid port.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type hybrid

# Assign Ten-GigabitEthernet 1/0/1 to VLAN 10 as an untagged member.

[SwitchA-Ten-GigabitEthernet1/0/1] port hybrid vlan 10 untagged

# Assign interface Ten-GigabitEthernet 1/0/1 to VLAN 20 as a tagged member.

[SwitchA-Ten-GigabitEthernet1/0/1] port hybrid vlan 20 tagged

# Configure VLAN 10 as the PVID of interface Ten-GigabitEthernet 1/0/1.

[SwitchA-Ten-GigabitEthernet1/0/1] port hybrid pvid vlan 10

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the interface to VLAN 20.

[SwitchA] interface ten-gigabitethernet 1/0/2

[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 20

[SwitchA-Ten-GigabitEthernet1/0/2] quit

# Configure Ten-GigabitEthernet 1/0/3 as a trunk port, and assign the interface to VLAN 10.

[SwitchA] interface ten-gigabitethernet 1/0/3

[SwitchA-Ten-GigabitEthernet1/0/3] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/3] port trunk permit vlan 10

[SwitchA-Ten-GigabitEthernet1/0/3] quit

3.      Configure DCBX:

# Enable LLDP globally.

[SwitchA] lldp global enable

# Create Ethernet frame header ACL 4000.

[SwitchA] acl number 4000 name DCBX

# Configure the ACL to permit FCoE frames (protocol number is 0x8906) to pass through.

[SwitchA-acl-ethernetframe-4000] rule 0 permit type 8906 ffff

# Configure the ACL to permit FIP protocol packets (protocol number is 0x8914) to pass through.

[SwitchA-acl-ethernetframe-4000] rule 5 permit type 8914 ffff

[SwitchA-acl-ethernetframe-4000] quit

# Create a class named DCBX, with the operator of the class as OR.

[SwitchA] traffic classifier DCBX operator or

# Use ACL 4000 as the match criterion of the class.

[SwitchA-classifier-DCBX] if-match acl 4000

[SwitchA-classifier-DCBX] quit

# Create a behavior named DCBX.

[SwitchA] traffic behavior DCBX

# Configure the behavior to mark packets with 802.1p priority value 3.

[SwitchA-behavior-DCBX] remark dot1p 3

[SwitchA-behavior-DCBX] quit

# Create a QoS policy named DCBX.

[SwitchA] qos policy DCBX

# Associate class DCBX with traffic behavior DCBX in the QoS policy, and specify that the association apply to DCBX.

[SwitchA-qospolicy-DCBX] classifier DCBX behavior DCBX mode dcbx

[SwitchA-qospolicy-DCBX] quit

# Enable LLDP and DCBX TLV advertising on interface Ten-GigabitEthernet 1/0/1.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] lldp enable

[SwitchA-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv dcbx

# Apply QoS policy DCBX to the outgoing traffic of Ten-GigabitEthernet 1/0/1.

[SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy DCBX outbound

4.      Configure PFC:

# Enable PFC in auto mode on Ten-GigabitEthernet 1/0/1.

[SwitchA-Ten-GigabitEthernet1/0/1] priority-flow-control auto

# Enable PFC for 802.1p priority 3 on the interface.

[SwitchA-Ten-GigabitEthernet1/0/1] priority-flow-control no-drop dot1p 3

# Configure the interface to trust the 802.1p priority included in incoming packets.

[SwitchA-Ten-GigabitEthernet1/0/1] qos trust dot1p

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Enable PFC by force on Ten-GigabitEthernet 1/0/2.

[SwitchA] interface ten-gigabitethernet 1/0/2

[SwitchA-Ten-GigabitEthernet1/0/2] priority-flow-control enable

# Enable PFC for 802.1p priority 3 on the interface.

[SwitchA-Ten-GigabitEthernet1/0/1] priority-flow-control no-drop dot1p 3

# Configure the interface to trust the 802.1p priority included in incoming packets.

[SwitchA-Ten-GigabitEthernet1/0/1] qos trust dot1p

[SwitchA-Ten-GigabitEthernet1/0/1] quit

5.      Configure ETS:

# Configure the 802.1p-local priority mapping table as follows:

?  Map 802.1p priority value 3 to local precedence 1.

?  Map the other 802.1p priorities to local precedence 0.

[SwitchA] qos map-table dot1p-lp

[SwitchA-maptbl-dot1p-lp] import 3 export 1

[SwitchA-maptbl-dot1p-lp] import 0 export 0

[SwitchA-maptbl-dot1p-lp] import 1 export 0

[SwitchA-maptbl-dot1p-lp] import 2 export 0

[SwitchA-maptbl-dot1p-lp] import 4 export 0

[SwitchA-maptbl-dot1p-lp] import 5 export 0

[SwitchA-maptbl-dot1p-lp] import 6 export 0

[SwitchA-maptbl-dot1p-lp] import 7 export 0

[SwitchA-maptbl-dot1p-lp] quit

# Enable byte-count WRR on Ten-GigabitEthernet 1/0/1.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr byte-count

# Configure WRR on Ten-GigabitEthernet 1/0/1:

?  Assign 50% of the interface bandwidth to the FCoE traffic (traffic assigned to queue 1).

?  Assign 50% of the interface bandwidth to Ethernet data traffic (traffic assigned to queue 0).

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr af1 group 1 byte-count 1

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr be group 1 byte-count 1

# Assign the other queues to the SP group on interface Ten-GigabitEthernet 1/0/1.

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr af2 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr af3 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr af4 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr ef group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr cs6 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr cs7 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] quit

6.      Configure FCoE:

# Configure the switch to operate in FCF mode and create VSAN 10.

[SwitchA] fcoe-mode fcf

[SwitchA] vsan 10

[SwitchA-vsan10] quit

# Create VFC 1.

[SwitchA] interface vfc 1

# Set the mode of VFC 1 to F.

[SwitchA-Vfc1] fc mode f

# Bind VFC 1 to Ten-GigabitEthernet 1/0/1.

[SwitchA-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 10 as a trunk port.

[SwitchA-Vfc1] port trunk vsan 10

[SwitchA-Vfc1] quit

# Create VFC 2.

[SwitchA] interface vfc 2

# Set the mode of VFC 2 to E.

[SwitchA-Vfc2] fc mode e

# Bind VFC 2 to Ten-GigabitEthernet 1/0/2.

[SwitchA-Vfc2] bind interface ten-gigabitethernet 1/0/2

# Assign VFC 2 to VSAN 10 as a trunk port.

[SwitchA-Vfc2] port trunk vsan 10

[SwitchA-Vfc2] quit

# Enable FCoE for VLAN 20, and map VLAN 20 to VSAN 10.

[SwitchA] vlan 20

[SwitchA-vlan20] fcoe enable vsan 10

 


Configuring VSANs

The virtual storage area network (VSAN) feature breaks a physical SAN into multiple VSANs, and provides more secure, reliable, and flexible services.

Devices in a VSAN cannot get information about any other VSAN and devices in any other VSAN. Each VSAN performs the following operations independently:

·           Selecting a principal switch.

·           Assigning domain IDs.

·           Running routing protocols.

·           Maintaining routing table and FIB table.

·           Providing services.

The VSAN feature delivers the following benefits:

·           Improved security—VSANs are isolated from each other.

·           Improved scalability—Each VSAN independently runs and provides services. Different VSANs can use the same address space so that network scalability is improved.

·           Flexibility—You can assign interfaces to different VSANs without changing the physical connections of the SAN.

VSAN fundamentals

VFC interfaces can only work as trunk ports. A trunk port can belong to multiple VSANs.

Trunk VSAN in an FC network

The trunk VSAN feature implements logical isolation among VSANs. The trunk VSAN adds a Virtual Fabric Tagging Header (VFT_Header, also known as VSAN tag) to the FC frames. The VFT_Header contains a VF_ID (also known as VSAN ID) field to indicate the VSAN of the FC frames. In this way, FC frames with different VF_IDs are contained in their respective VSANs, and different VSANs cannot communicate with each other. The trunk VSAN implements physical connectivity and logical isolation in the network.

Figure 16 shows a typical trunk VSAN.

·           The F_Ports in blue on switches are configured as access ports and assigned to VSAN 1.

·           The F_Ports in purple are configured as access ports and assigned to VSAN 2.

·           The E_Ports are configured with trunk VSANs 1 and 2.

When servers read the disks, the N_Ports of different servers send FC frames without VFT_Headers to the F_Ports on FC switch Switch A. Switch A searches for the outgoing interfaces in the FIB table of the VSAN that each F_Port belongs to. These F_Ports use the same E_Port as the outgoing interface. When the frames are forwarded out of the E_Port, they are tagged with the VFT_Header of VSAN 1 and VSAN 2. Then, they travel across multiple VSAN-capable switches to the E_Port of FC switch Switch B.

According to the VFT_Headers, Switch B searches for the outgoing interfaces in the FIB tables of the VSANs, and forwards them to the F_Ports. Then, the F_Ports remove the VFT_Headers and send the frames to the N_Ports of different disk devices. The frames from the disk devices to the server are processed in the same way and finally reach the servers.

Figure 16 Trunk VSAN network

 

During the transmission process, VFT_Headers are added to and removed from the frames. A switch can use the same physical interface to support multiple VSANs. The trunk VSAN feature reduces the number of physical connections, actually implementing logical isolation in a physical network.

Trunk VSAN in an FCoE network

FCoE transports FC over Ethernet. In an FCoE network:

·           VSANs in FC must be mapped to VLANs as configured by the user.

·           The FIB table for a VSAN is also stored on the relevant VLAN.

FCoE frames use VLAN_Header to replace VFT_Header in FC frames and are forwarded based on the VLAN ID in VLAN_Header.

A VFC interface can only work as a trunk port. The bound Ethernet interface must also be configured as a trunk port, and its trunk VLAN list must include the VLANs mapped to each VSAN in the trunk VSAN list of the VFC interface. An FCoE frame transmitted from a VFC interface can use the VLAN ID in VLAN_Header to identify the VLAN to which it belongs.

Creating a VSAN

By default, only the default VSAN (VSAN 1) exists. You cannot create or delete VSAN 1. You can create VSANs 2 to 3839.

The maximum number of VSANs (including VSAN 1) allowed on a switch is 16.

By default, registered N_Ports in a VSAN cannot access one another. You can allow these N_Ports to access one another by using either of the following methods:

·           Add these N_Ports to a zone, and activate the zone set where the zone belongs.

·           Configure the default zone policy.

For more information about zones, see "Configuring FC zones."

To create a VSAN:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Create a VSAN and enter VSAN view.

vsan vsan-id [ name vsan-name ]

By default, only VSAN 1 exists.

 

Setting the operating mode for a VSAN

You can configure either of the following operating modes for a VSAN on an FCF-NPV switch:

·           FCF mode—A VSAN operating in this mode acts as an FCF switch.

·           NPV mode—A VSAN operating in this mode acts as an NPV switch.

Only FCF-NPV switches support this configuration.

To set the operating mode for a VSAN:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id [ name vsan-name ]

N/A

3.      Set the operating mode for the VSAN.

working-mode { fcf | npv }

The default operating mode of a VSAN is NPV mode.

 

Configuring a trunk VSAN

VFC interfaces can be assigned to multiple VSANs as trunk ports.

If you assign an interface to VSANs as a trunk port multiple times, the new configuration does not overwrite the old configurations. The final trunk VSAN list is the union of all the VSANs to which you have assigned the interface.

To assign an interface to the specified VSANs as trunk ports:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VFC interface view.

interface vfc interface-number

N/A

3.      Assign the interface to the specified VSANs as a trunk port so that the interface allows the specified VSANs to pass through.

port trunk vsan vsan-id-list

By default, an interface does not belong to any VSANs (including VSAN 1) as a trunk port.

You can assign an interface to a nonexistent VSAN as a trunk port.

 

Displaying and maintaining VSANs

Execute display commands in any view.

 

Task

Command

Remarks

Display the member ports of VSANs.

display vsan [ vsan-id ] port-member

N/A

Display the operating modes of VSANs.

display vsan [ vsan-id ] status

This command is supported only on FCF-NPV switches.

 

VSAN configuration examples

Network requirements

As shown in Figure 17, configure the SAN to meet the following requirements:

·           Server A can read and write only the data of Disk A and Disk B.

·           Server B can read and write only the data of Disk C.

Figure 17 Network diagram

 

Requirements analysis

To meet the network requirements, perform the following tasks:

·           Divide the SAN into two VSANs, VSAN 10 and VSAN 20. Configure the default zone policy in each VSAN to allow the zone members in the same VSAN to access one another.

·           Configure the two interfaces connecting Switch A to servers to operate in F mode, and assign the two interfaces to VSAN 10 and VSAN 20, respectively.

·           Configure the three interfaces connecting Switch B to disk devices to operate in F mode, and assign the interfaces as trunk ports to VSAN 10 or VSAN 20.

·           Configure the interfaces connecting Switch A and Switch B to operate in E mode, and assign the interfaces to VSANs 10 and 20 as trunk port, so that the link between the two FCF switches can send and receive the frames of the two VSANs at the same time.

Configuration procedure

This section describes only the VSAN configurations.

1.      Configure Switch A:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchA] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchA] quit

# Reboot the switch.

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchA> system-view

[SwitchA] fcoe-mode fcf

# Create VSAN 10, and allow the zone members in the default zone to access one another.

[SwitchA] vsan 10

[SwitchA-vsan10] zone default-zone permit

[SwitchA-vsan10] quit

# Create VSAN 20, and allow the zone members in the default zone to access one another.

[SwitchA] vsan 20

[SwitchA-vsan20] zone default-zone permit

[SwitchA-vsan20] quit

# Create interface VFC 1.

[SwitchA] interface vfc 1

# Set the mode of VFC 1 to F.

[SwitchA-Vfc1] fc mode f

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchA-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 10 as a trunk port.

[SwitchA-Vfc1] port trunk vsan 10

[SwitchA-Vfc1] quit

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 10.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Create interface VFC 2.

[SwitchA] interface vfc 2

# Set the mode of VFC 2 to F.

[SwitchA-Vfc2] fc mode f

# Bind VFC 2 to interface Ten-GigabitEthernet 1/0/2.

[SwitchA-Vfc2] bind interface ten-gigabitethernet 1/0/2

# Assign VFC 2 to VSAN 20 as a trunk port.

[SwitchA-Vfc2] port trunk vsan 20

[SwitchA-Vfc2] quit

# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 20.

[SwitchA] interface ten-gigabitethernet 1/0/2

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 20

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Create interface VFC 4.

[SwitchA] interface vfc 4

# Configure the mode of VFC 4 as E.

[SwitchA-Vfc4] fc mode e

# Bind VFC 4 to interface Ten-GigabitEthernet 1/0/4.

[SwitchA-Vfc4] bind interface ten-gigabitethernet 1/0/4

# Assign VFC 4 to VSANs 10 and 20 as a trunk port.

[SwitchA-Vfc4] port trunk vsan 10 20

[SwitchA-Vfc4] quit

# Configure Ten-GigabitEthernet 1/0/4 as a trunk port, and assign the port to VLANs 10 and 20.

[SwitchA] interface ten-gigabitethernet 1/0/4

[SwitchA-Ten-GigabitEthernet1/0/4] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/4] port trunk permit vlan 10 20

[SwitchA-Ten-GigabitEthernet1/0/4] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 10.

[SwitchA] vlan 10

[SwitchA-vlan10] fcoe enable vsan 10

[SwitchA-vlan10] quit

# Enable FCoE for VLAN 20, and map VLAN 20 to VSAN 20.

[SwitchA] vlan 20

[SwitchA-vlan20] fcoe enable vsan 20

[SwitchA-vlan20] quit

2.      Configure Switch B in the same way Switch A is configured.

Verifying the configuration

1.      Verify the configuration on Switch A by displaying member interfaces of each VSAN.

[SwitchA] display vsan port-member

VSAN 1:

  Access Ports:

  Trunk Ports:

 

VSAN 10:

  Access Ports:

  Trunk Ports:

    Vfc1

    Vfc4

 

VSAN 20:

  Access Ports:

  Trunk Ports:

    Vfc2

    Vfc4

2.      Verify the configuration on Switch B in the same way as you verify the configuration on Switch A.

 


Building a fabric

Overview

A fabric transmits data for servers and disk devices. When building a fabric, you must perform the following tasks:

·           Assign a domain ID to each FCF switch in the fabric.

·           Assign an FC address to each node connected to the fabric.

You can build a fabric through one of the following modes:

·           Dynamic mode—A principal switch is automatically selected to assign domain IDs to all switches in the fabric, and then each switch assigns FC addresses to the N_Ports connected to it. The dynamic mode enables centralized network management and is applicable to large-sized networks.

·           Static mode—You must manually assign domain IDs to all switches in the fabric, and then each switch assigns FC addresses to the N_Ports connected to it. The static mode avoids network flapping, but it is applicable only to simple, small-sized networks. This mode does not involve a principal switch selection process.

Figure 18 Fabric building workflows

 

Principal switch selection

During the dynamic fabric building process, it is the principal switch that assigns domain IDs to all switches in the network.

The switch with the highest priority is selected as the principal switch. When multiple switches have the same priority, the switch with the smallest WWN is selected.

The principal switch selection process is as follows:

1.      When the principal switch selection starts, each switch performs the following operations:

?  Considers itself to be the principal switch.

?  Records itself in the principal switch information.

?  Starts the Principal Switch Selection Timer (PSST), which is 10 seconds.

2.      Before the PSST expires, the switches exchange packets carrying the principal switch information to select a principal switch.

3.      On receiving a packet carrying principal switch information, a switch compares the priority and WWN of the principal switch carried in the packet with those locally recorded. The switch replaces the locally recorded principal switch information with the principal switch information recorded in the packet when any of the following conditions exist:

?  The priority carried in the packet is higher.

?  The priority in the packet is the same and the WWN is smaller.

Also, it notifies the other switches of the change. Finally, all switches in the network make an agreement on the principal switch.

4.      When the PSST expires, if the locally recorded principal switch information is the local switch, the switch becomes the principal switch.

After the principal switch is selected, the WWN of the principal switch becomes the fabric name.

 

 

NOTE:

During the process, if a switch receives a packet that updates the principal switch information, the switch must record the E_Port receiving the packet. The link relevant to this E_Port is called the upstream principal link.

 

Domain ID assignment

A domain represents a switch and all N_Ports connected to the switch. Each domain must have a domain ID.

Domain IDs can be manually configured or automatically assigned for FCF switches.

·           When you manually configure static domain IDs, you must assign a unique domain ID to each switch in the fabric.

·           When domain IDs are dynamically assigned, the fabric configuration process is performed to select a principal switch and assign domain IDs. After the principal switch is selected, the principal switch assigns domain IDs to all switches in the fabric. After the fabric configuration process, each switch has a unique domain ID.

The dynamic domain ID assignment process is as follows:

1.      The principal switch assigns itself a domain ID.

?  If you have configured a domain ID on the principal switch, the principal switch assigns itself the configured domain ID.

?  If you have not configured a domain ID on the principal switch, the principal switch assigns itself the smallest available domain ID.

2.      The principal switch notifies its downstream switches to request domain IDs from it.

3.      A downstream switch requests a domain ID from the principal switch.

If the downstream switch is configured with a domain ID, it requests the configured domain ID.

4.      The principal switch assigns a domain ID to the downstream switch according to the following rules:

?  If the downstream switch requests a configured domain ID that is available, the principal switch assigns the configured domain ID.

?  The principal switch assigns the smallest available domain ID when one of the following conditions exists:

-       The downstream switch does not request a configured domain ID.

-       The configured domain ID is not available.

?  If all available domain IDs have been assigned, the principal switch notifies the downstream switch that no domain ID can be assigned to it.

5.      After the downstream switch receives the domain ID assignment notification from the principal switch, it works according to the following rules:

?  The downstream switch isolates its upstream principal link and brings down the relevant interface when one of the following conditions exists:

-       The downstream switch has been configured with a static domain ID and the static domain ID is different from the one assigned by the principal switch.

-       The principal switch notifies the downstream switch that no domain ID can be assigned.

For more information about domain ID types, see "Configuring a domain ID for a switch."

?  If none of the preceding conditions exist, the downstream switch performs the following operations:

-       Accepts the domain ID assigned by the principal switch.

-       Notifies its downstream switches to request domain IDs from the principal switch.

6.      Steps 2 through 5 are repeated until all downstream switches have been assigned domain IDs.

 

 

NOTE:

During the process, if a switch receives a domain ID request on an E_Port, the switch records the E_Port. The link relevant to this E_Port is called the downstream principal link.

 

FC address assignment

After a switch obtains a domain ID, it assigns FC addresses to N_Ports directly connected.

The Domain_ID field in the FC address is the domain ID of the switch, and it does not need assignment.

The switch assigns an FC address according to the following rules:

·           If you bind the WWN of an N_Port to an FC address, the switch assigns the bound FC address to the N_Port.

·           If the N_Port itself has a desired FC address, the switch assigns the desired FC address, if available.

·           The switch assigns the smallest available area ID and port ID to the N_Port when one of the following conditions exists:

?  The N_Port itself does not have a desired FC address.

?  The desired FC address is unavailable.

Fabric building configuration task list

As a best practice, use the dynamic mode for large networks to facilitate centralized management and use the static mode for small networks to avoid network flapping.

Building a fabric statically

Tasks at a glance

Remarks

(Required.) Enabling or disabling the fabric configuration feature

To statically build a fabric, you must disable the fabric configuration feature.

(Required.) Setting a fabric name

When statically building a fabric, you must manually configure the fabric name, and make sure all switches in the fabric are configured with the same fabric name.

(Optional.) Configuring an allowed domain ID list

N/A

(Required.) Configuring a domain ID for a switch

When statically building a fabric, you must manually configure a domain ID for each switch.

(Optional.) Binding the WWN of an N_Port to an FC address

N/A

(Optional.) Setting fabric timers

N/A

(Optional.) Configuring RSCN aggregation

N/A

(Optional.) Configuring and obtaining FC4 information of nodes

N/A

(Optional.) Configuring Smart SAN

N/A

 

Building a fabric dynamically

Tasks at a glance

Remarks

(Required.) Enabling or disabling the fabric configuration feature

To dynamically build a fabric, you must enable the fabric configuration feature.

(Optional.) Setting the switch priority

Principal switch selection relies on the switch priority.

(Optional.) Configuring an allowed domain ID list

N/A

(Optional.) Configuring a domain ID for a switch

When dynamically building a fabric, you can configure desired domain IDs for switches.

(Optional.) Binding the WWN of an N_Port to an FC address

N/A

(Optional.) Setting fabric timers

N/A

(Optional.) Configuring fabric reconfiguration

N/A

(Optional.) Configuring an interface to reject incoming RCF requests

N/A

(Optional.) Enabling SNMP notifications for the fabric or name service module

N/A

(Optional.) Configuring RSCN aggregation

N/A

(Optional.) Configuring and obtaining FC4 information of nodes

N/A

(Optional.) Configuring Smart SAN

N/A

 

Enabling or disabling the fabric configuration feature

To dynamically build a fabric, you must enable the fabric configuration feature on switches. After you enable the fabric configuration feature on FCF switches, the switches exchange messages to select the principal switch. Then the principal switch dynamically assigns domain IDs to all switches in the fabric.

To statically build a fabric, you must disable the fabric configuration feature on switches and manually configure a unique domain ID for each switch. After you disable the fabric configuration feature on FCF switches, the switches will not select a principal switch and cannot obtain domain IDs dynamically.

Enabling the fabric configuration feature

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Enable the fabric configuration feature for the VSAN.

domain configure enable

By default, the fabric configuration feature is enabled.

 

Disabling the fabric configuration feature

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Disable the fabric configuration feature for the VSAN.

undo domain configure enable

By default, the fabric configuration feature is enabled.

 

Setting a fabric name

You can set a fabric name for each VSAN on a switch. The default fabric name for a VSAN is the WWN of the switch.

Set the fabric names only when you build a fabric statically. Make sure the same fabric name is set for a VSAN on all switches in the fabric. In a dynamically built fabric, each VSAN uses the WWN of the principal switch as the fabric name.

To set a fabric name:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Set a fabric name.

fabric-name name

The default setting is the WWN of the switch.

Setting the switch priority

The FCF switch with the highest priority (smallest priority value) will be selected as the principal switch.

The priority is set on a per-VSAN basis, and one FCF switch can have different priorities in different VSANs.

In a stable fabric, the set priority does not take effect immediately. Therefore, the runtime priority of a switch might be different from the set priority. To make the set priority take effect, use the domain restart disruptive command to perform a disruptive reconfiguration. After a disruptive reconfiguration, the runtime priority could still be different from the set priority, depending on the set priority value, as shown in Table 3.

Table 3 Set priority and runtime priority mappings

Set priority

Running priority

≤ 2

·          Principal switch—Same as the set priority.

·          Non-principal switch—3.

> 2

·          Principal switch—2.

·          Non-principal switch—Same as the set priority.

 

To set the switch priority:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Set the switch priority in the VSAN.

priority value

The default setting is 128.

 

Configuring an allowed domain ID list

To successfully configure an allowed domain ID list on the principal switch, make sure all assigned and locally configured domain IDs are included in the list. After you configure an allowed domain ID list, the principal switch assigns only domain IDs available in the allowed list.

To successfully configure an allowed domain ID list on a non-principal switch, make sure the runtime domain ID of the switch is included in the allowed list. After you configure an allowed domain ID list on a non-principal switch, the following rules apply:

·           The locally configured domain ID must be included in the allowed list. Otherwise, the domain ID configuration fails.

·           The principal switch must assign a domain ID that is included in the allowed list of the non-principal switch. Otherwise, the non-principal switch refuses the assigned domain ID and isolates its interface connected to the principal switch.

As a best practice, configure the same allowed domain ID list for all switches in a VSAN.

To configure an allowed domain ID list:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Configure an allowed domain ID list for the VSAN.

allowed-domain-id domain-id-list

By default, the allowed domain IDs are 1 to 239.

 

Configuring a domain ID for a switch

In different scenarios, the configured domain ID has different meanings.

·           In a statically built fabric, a switch uses the configured domain ID as its actual domain ID. You must manually configure a domain ID for each switch.

·           In a dynamically built fabric, a switch requests the configured domain ID from the principal switch but might receive a different domain ID. Configuring a domain ID is optional in a dynamically built fabric.

The configured domain ID can be static or preferred.

·           In a statically built fabric, the two types make no difference.

·           In a dynamically built fabric, when the assigned domain ID and requested domain ID for a non-principal are different, the following rules apply:

?  If the configured domain ID is preferred, the non-principal switch accepts the domain ID assigned by the principal switch.

?  If the configured domain ID is static, the non-principal switch isolates the upstream principal link and refuses the assigned domain ID.

As a best practice, configure domain IDs of the same type for all switches in a VSAN.

To configure a domain ID for a switch:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Configure a domain ID in the VSAN.

domain-id domain-id { preferred | static }

By default, the configured domain ID is 0 preferred.

 

Binding the WWN of an N_Port to an FC address

If you bind the WWN of an N_Port to an FC address, the switch assigns the FC address to the N_Port when the N_Port requests an FC address.

The WWN of an N_Port can be bound to only one FC address, and vice versa.

The N_Port here indicates an N_Port on a node or an NP_Port on an NPV switch.

To bind the WWN of an N_Port to an FC address:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Bind the WWN of an N_Port to an FC address.

wwn wwn-value area-port-id area-port-id-value

By default, no WWN-to-FC address binding exists.

If the N_Port has been assigned another FC address or the FC address has been assigned to another N_Port, the binding fails.

 

Setting fabric timers

The fabric operation involves the following timers:

·           Distributed service timeout period.

·           Error detection timeout period.

·           Resource allocation timeout period.

For more information about these timers, see FC-related protocols and standards.

You can set fabric timers in either of the following views:

·           System view—The setting takes effect on all VSANs.

·           VSAN view—The setting takes effect only on the VSAN.

If you set a fabric timer in both system view and VSAN view, the setting in VSAN view applies to the VSAN.

Setting fabric timers in system view

Step

Command

Remarks

4.      Enter system view.

system-view

N/A

5.      Set the global distributed service timeout period.

fc timer distributed-services value

The default setting is 5000 milliseconds.

6.      Set the global error detection timeout period.

fc timer error-detect value

The default setting is 2000 milliseconds.

7.      Set the global resource allocation timeout period.

fc timer resource-allocation value

The default setting is 10000 milliseconds.

 

Setting fabric timers in VSAN view

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Set the distributed service timeout period for the VSAN.

timer distributed-services value

The default setting is 5000 milliseconds.

4.      Set the error detection timeout period for the VSAN.

timer error-detect value

The default setting is 2000 milliseconds.

5.      Set the resource allocation timeout period for the VSAN.

timer resource-allocation value

The default setting is 10000 milliseconds.

 

Configuring fabric reconfiguration

IMPORTANT

IMPORTANT:

The fabric reconfiguration feature takes effects only when the fabric configuration feature is enabled.

 

A fabric reconfiguration can be performed manually or automatically by using the automatic reconfiguration feature.

A fabric reconfiguration triggers a principal switch selection process.

A fabric reconfiguration can be disruptive or nondisruptive, depending on its level of impact on the fabric.

·           Disruptive reconfiguration—Floods the Reconfigure Fabric (RCF) frames throughout the fabric, and notifies all switches to perform a disruptive reconfiguration. During the reconfiguration procedure, each switch clears all data and performs renegotiation. Data transmission in the fabric is disrupted.

·           Nondisruptive reconfiguration—Floods Build Fabric (BF) frames throughout the fabric, and notifies all switches to perform a nondisruptive reconfiguration. During the reconfiguration procedure, each switch tries to save the last running data for its domain ID to remain unchanged. Thus, data transmission in the fabric is not disrupted.

You can manually perform a disruptive reconfiguration after an interface is isolated or the priority of a switch is modified in a fabric.

A disruptive reconfiguration is automatically performed if the domain ID lists overlap when two fabrics are merged.

A nondisruptive reconfiguration is automatically performed when one of the following conditions exists:

·           When two fabrics are merged, the principal switch information of the two fabrics is different, and the domain ID lists are not empty and do not overlap.

·           A principal link in a fabric goes down.

Enabling the automatic reconfiguration feature

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Enable the automatic reconfiguration feature.

domain auto-reconfigure enable

By default, the automatic reconfiguration feature is disabled.

 

Manually initiating a fabric reconfiguration

Step

Command

1.      Enter system view.

system-view

2.      Enter VSAN view.

vsan vsan-id

3.      Manually initiate a fabric reconfiguration.

domain restart [ disruptive ]

 

Configuring an interface to reject incoming RCF requests

In a stable fabric, to avoid unnecessary disruptive reconfigurations, you can configure an interface to reject RCF requests received in a VSAN. With this feature, when the interface receives RCF requests in the VSAN, the switch replies with a reject message and isolates the interface.

To configure an interface to reject received RCF requests:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VFC interface view.

interface vfc interface-number

N/A

3.      Configure the interface to reject RCF requests received in a VSAN.

fc domain rcf-reject vsan vsan-id

By default, an interface does not reject received RCF requests.

 

Enabling SNMP notifications for the fabric or name service module

After you enable SNMP notifications for the fabric module or name service module, that module generates notifications for important events and sends the notifications to the SNMP module. For more information about SNMP notifications, see Network Management and Monitoring Configuration Guide.

To enable SNMP notifications for the fabric or name service module:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enable SNMP notifications for the fabric module.

snmp-agent trap enable fc-fabric [ domain-id-change | fabric-change ] *

By default, all SNMP notifications for the fabric module are disabled.

3.      Enable SNMP notifications for the name service module.

snmp-agent trap enable fc-name-service [ login | logout ] *

By default, all SNMP notifications for the name service module are disabled.

 

Configuring RSCN aggregation

RSCN

An FCF switch uses a name service database to store information about registered nodes on the local switch and on remote switches in the fabric. The switch sends Registered State Change Notifications (RSCNs) to inform node information changes (node registration, node deregistration, or registration information change). An RSCN includes only the FC address of the node where the change occurred.

When a change occurs, the switch sends ELS_RSCNs to its concerned registered nodes and SW-RSCNs to all reachable switches in the fabric. After receiving an RSCN, a switch or node automatically sends a name service query to obtain the new information. The switch receiving an RSCN also sends ELS_RSCNs to notify their concerned registered nodes. As a result, the changed information is notified and updated throughout the fabric.

 

 

NOTE:

·       Support for SW-RSCNs depends on the ESS negotiation between switches.

·       Concerned registered nodes refer to the nodes that have sent SCR requests to the switch for receiving RSCNs. Only these registered nodes can receive and respond to ELS_RSCNs.

 

RSCN aggregation

If changes occur on multiple nodes at the same time, the switch quickly sends multiple ELS_RSCNs for each change to the concerned registered nodes. This reduces the transmission and processing performance.

RSCN aggregation can alleviate the problem by using an RSCN aggregation timer. If multiple changes occur within the RSCN aggregation timer, the switch sends the FC addresses of the nodes with changes in one RSCN.

Configuration procedure

As a best practice, enable RSCN aggregation and set the same timer value on all switches in a VSAN. The RSCN aggregation timer takes effect only when RSCN aggregation is enabled.

To configure RSCN aggregation:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Enable RSCN aggregation.

rscn aggregation enable

By default, RSCN aggregation is disabled.

4.      Set the RSCN aggregation timer.

rscn aggregation timer time

The default setting is 2000 milliseconds.

You can adjust this timer to control the frequency the switch responds to node information changes based on switch performance.

 

Configuring and obtaining FC4 information of nodes

After a node registers with a switch through a FLOGI, the node sends a name service registration request to the switch to register extended information, including FC4 information.

FC4 information includes the following fields to describe the FC4-layer protocol supported by a node and the feature of the supported protocol.

·           FC4-Type—FC4-layer protocol supported by a node, including SCSI-FCP, IP, SNMP, and NPV.

·           Feature—Feature of the supported FC4-layer protocol. Each FC4-layer protocol can include one of the four Features and defines the meaning of each Feature.

Before communicating with other nodes, a node obtains information about all nodes that support SCSI-FCP from the switch. To display the FC4 information of nodes in the name service database, use the display fc name-service database command.

When registering extended information:

·           A server registers SCSI-FCP for FC4-Type and Initiator for Feature.

·           A disk device registers SCSI-FCP for FC4-Type and Target for Feature.

As a result, servers can determine the disk devices to send access requests after obtaining information about nodes supporting SCSI-FCP.

Enabling SCSI-FCP information autodiscovery

In some situations, for example, when a node logs out and then logs back in, the node does not register SCSI-FCP support. As a result, the node does not have a Feature value. This might cause communication failure between the node and other nodes.

This feature enables the switch to automatically obtain SCSI-FCP support and the Feature value by sending a PRLI packet to the node that is logging in. Then, the switch stores the SCSI-FCP information in the name service database.

 

 

NOTE:

After this feature is enabled, nodes with older-model HBAs might not actively register name service information with the switch.

 

To enable SCSI-FCP information autodiscovery:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Enable SCSI-FCP information autodiscovery.

fc name-service auto-discovery

By default, SCSI-FCP information autodiscovery is enabled.

 

Configuring the default FC4 information for a node

The switch records the default FC4 information in the name service database for a node when the following conditions exist:

·           The node does not register FC4 information.

·           The switch fails to obtain SCSI-FCP information from the node.

The switch replaces the default FC4 information with the registered FC4 information or obtained SCSI-FCP information when any of the following events occur:

·           A node registers FC4 information.

·           The switch obtains the SCSI-FCP information.

The fc wwn default-fc4-type command can configure only one combination of FC4-Type and Feature at a time.

To configure the default FC4 information for a node:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Configure the default FC4 information for a node.

fc wwn wwn-value default-fc4-type { type-value feature feature-map | scsi-fcp feature { feature-map | both | initiator | target } }

By default, no default FC4 information is configured.

 

Configuring Smart SAN

This feature is available only on FCF and FCF-NPV switches.

Overview

Smart SAN is a SAN configuration and management solution that is designed for intelligence, simplicity, ease of maintenance, ease of diagnosis, and self-healing. Smart SAN simplifies user operations while increasing manageability for SANs. Smart SAN is deployed on all SAN network elements (storage devices, servers, and switches). A switch with Smart SAN enabled performs the following operations:

·           Collects information about servers and storage devices for mutual discovery.

·           Controls access between servers and storage devices, and automates zoning configuration.

The zoning configuration includes creating and deleting peer zones, adding members to peer zones, and adding peer zones to a zone set and activating the zone set.

·           Collects diagnostic information about servers and storage devices by using Read Diagnostic Parameters (RDP) request packets for network monitoring and diagnosis.

·           Controls automatic login of servers and storage devices.

Configuration procedure

Smart SAN can be configured for FC/FCoE and iSCSI. Smart SAN for iSCSI is not supported in the current software version.

After Smart SAN is enabled for FC/FCoE, the switch notifies the following modules to act as shown below:

·           FDMI—This module performs the following operations:

a.    Regularly sends RDP request packets to request diagnostic information about nodes.

b.    Updates information about local ports.

c.    Sends Add Diagnostic Parameters (ADP) packets to other switches to synchronize RDP database information.

·           FC zone—This module automatically configures each VSAN to operate in enhanced zoning mode.

To configure Smart SAN:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enable Smart SAN.

smartsan enable [ fcoe ]

By default, Smart SAN is disabled.

3.      Set the interval for sending RDP request packets.

rdp request-polling-interval interval

The default setting is 30 minutes.

This command can be used only after Smart SAN is enabled for FC/FCoE.

 

Displaying and maintaining a fabric

Execute display commands in any view.

 

Task

Command

Display the domain information of a VSAN.

display fc domain [ vsan vsan-id ]

Display the list of domain IDs dynamically allocated in a VSAN.

display fc domain-list [ vsan vsan-id ]

Display fabric timers.

display fc timer [ distributed-services | error-detect | resource allocation ] [ vsan vsan-id ]

Display the WWN of the local switch.

display fc switch-wwn

Display node login information.

display fc login [ vsan vsan-id ] [ count ]

Display the SCR table for an N_Port.

display fc scr-table [ vsan vsan-id ] [ count ]

Display name service database information.

display fc name-service database [ vsan vsan-id [ fcid fcid ] ] [ verbose ]

display fc name-service database [ vsan vsan-id ] count

Display ESS negotiation results.

display fc ess [ vsan vsan-id ]

Display Smart SAN status.

display smartsan status

Display the interval for sending RDP request packets.

display rdp request-polling-interval

Display RDP database information.

display rdp database [ port-name port-name ]

 

Fabric building configuration examples

Static fabric building configuration example

Network requirements

As shown in Figure 19, use the static method to build a fabric.

Figure 19 Network diagram

 

Configuration procedure

This section describes only the fabric building configuration.

1.      Configure Switch A:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchA] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchA] quit

# Reboot the switch.

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchA> system-view

[SwitchA] fcoe-mode fcf

# Disable the fabric configuration feature in VSAN 1.

[SwitchA] vsan 1

[SwitchA-vsan1] undo domain configure enable

# Configure a fabric name in VSAN 1.

[SwitchA-vsan1] fabric-name 11:11:11:11:11:11:11:11

# Set the domain ID to 1 in VSAN 1.

[SwitchA-vsan1] domain-id 1 static

2.      Configure Switch B:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchB> system-view

[SwitchB] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchB] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchB] quit

# Reboot the switch.

<SwitchB> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchB> system-view

[SwitchB] fcoe-mode fcf

# Disable the fabric configuration feature in VSAN 1.

<SwitchB> system-view

[SwitchB] vsan 1

[SwitchB-vsan1] undo domain configure enable

# Configure a fabric name in VSAN 1.

[SwitchB-vsan1] fabric-name 11:11:11:11:11:11:11:11

# Set the domain ID to 2 in VSAN 1.

[SwitchB-vsan1] domain-id 2 static

Verifying the configuration

1.      Verify the configuration on Switch A.

[SwitchA-vsan1] display fc domain vsan 1

Domain Information of VSAN 1:

 

    Running time information:

        State: Stable

        Switch WWN: 48:33:43:2d:46:43:1A:1A

        Fabric name: 11:11:11:11:11:11:11:11

        Priority: 128

        Domain ID: 1

    Configuration information:

        Domain configure: Disabled

        Domain auto-reconfigure: Disabled

        Fabric name: 11:11:11:11:11:11:11:11

        Priority: 128

        Domain ID: 1 (static)

    Principal switch running time information:

        Priority: 128

 

    No interfaces available.

The output shows that:

?  The domain configuration was complete.

?  The runtime domain ID of Switch A is 1.

2.      Verify the configuration on Switch B.

[SwitchB-vsan1] display fc domain vsan 1

Domain Information of VSAN 1:

 

    Running time information:

        State: Stable

        Switch WWN: 48:33:43:2d:46:43:1B:1B

        Fabric name: 11:11:11:11:11:11:11:11

        Priority: 128

        Domain ID: 2

    Configuration information:

        Domain configure: Disabled

        Domain auto-reconfigure: Disabled

        Fabric name: 11:11:11:11:11:11:11:11

        Priority: 128

        Domain ID: 2 (static)

    Principal switch running time information:

        Priority: 128

 

    No interfaces available.

The output shows that:

?  The domain configuration was complete.

?  The runtime domain ID of Switch B is 2.

Dynamic fabric building configuration example

Network requirements

As shown in Figure 20, use the dynamic method to build a fabric.

Figure 20 Network diagram

 

Configuration procedure

This section describes only fabric building configurations.

1.      Configure Switch A:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchA] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchA] quit

# Reboot the switch.

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchA> system-view

[SwitchA] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 1. By default, the fabric configuration feature is enabled.

[SwitchA] vsan 1

[SwitchA-vsan1] domain configure enable

# Set the domain ID to 11 in VSAN 1.

[SwitchA-vsan1] domain-id 11 preferred

Non-disruptive reconfiguration or isolating the switch may be performed. Continue? [Y/N]:y

2.      Configure Switch B:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchB> system-view

[SwitchB] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchB] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchB] quit

# Reboot the switch.

<SwitchB> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchB> system-view

[SwitchB] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 1. By default, the fabric configuration feature is enabled.

[SwitchB] vsan 1

[SwitchB-vsan1] domain configure enable

# Set the priority value to 1, so that Switch B can be selected as the principal switch.

[SwitchB-vsan1] priority 1

3.      Configure Switch C:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchC> system-view

[SwitchC] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchC] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchC] quit

# Reboot the switch.

<SwitchC> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchC> system-view

[SwitchC] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 1. By default, the fabric configuration feature is enabled.

[SwitchC] vsan 1

[SwitchC-vsan1] domain configure enable

# Set the domain ID to 13 in VSAN 1.

[SwitchC-vsan1] domain-id 13 preferred

Non-disruptive reconfiguration or isolating the switch may be performed. Continue? [Y/N]:y

4.      Configure Switch D:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchD> system-view

[SwitchD] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchD] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchD] quit

# Reboot the switch.

<SwitchD> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchD> system-view

[SwitchD] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 1. By default, the fabric configuration feature is enabled.

[SwitchD] vsan 1

[SwitchD-vsan1] domain configure enable

# Set the domain ID to 14 in VSAN 1.

[SwitchD-vsan1] domain-id 14 preferred

Non-disruptive reconfiguration or isolating the switch may be performed. Continue? [Y/N]:y

Verifying the configuration

1.      Verify the configuration on Switch A:

# Display the domain information of VSAN 1.

[SwitchA-vsan1] display fc domain vsan 1

Domain Information of VSAN 1:

 

    Running time information:

        State: Stable

        Switch WWN: 48:33:43:2d:46:43:1A:1A

        Fabric name: 48:33:43:2d:46:43:1B:1B

        Priority: 128

        Domain ID: 11

    Configuration information:

        Domain configure: Enabled

        Domain auto-reconfigure: Disabled

        Fabric name: 48:33:43:2d:46:43:1A:1A

        Priority: 128

        Domain ID: 11 (preferred)

    Principal switch running time information:

        Priority: 1

 

    Path          Interface

    Upstream      Fc1/0/1

    Downstream    Fc1/0/2

The output shows that:

?  The domain configuration was complete.

?  The principal switch assigned domain ID 11 to Switch A.

# Display the domain ID list of VSAN 1.

[SwitchA-vsan1] display fc domain-list vsan 1

Domain list of VSAN 1:

  Number of domains: 4

 

  Domain ID      WWN

  0x01(1)        48:33:43:2d:46:43:1B:1B [Principal]

  0x0b(11)       48:33:43:2d:46:43:1A:1A [Local]

  0x0d(13)       48:33:43:2d:46:43:1C:1C

  0x0e(14)       48:33:43:2d:46:43:1D:1D

The output shows that Switch B became the principal switch and assigned the smallest domain ID 1 to itself.

 


Configuring FC routing and forwarding

Overview

Routing and forwarding in an FC SAN is achieved through FCF switches. When an FCF switch receives a packet, an FCF switch performs the following operations:

·           Selects an optimal route based on the destination address.

·           Forwards the packet to the next FCF switch in the path until the packet reaches the last FCF switch.

The last FCF switch forwards the packet to the destination node.

Routing provides the path information that guides the forwarding of packets.

Routing table and FIB table

An FCF switch determines the best routes by using its routing table and sends those routes to the FIB table, which guides packet forwarding. An FCF switch maintains one routing table and one FIB table for each VSAN.

Routing table contents

The routing table saves the routes discovered by various routing protocols. Routes in a routing table include the following types:

·           Direct routesRoutes discovered by link layer protocols.

·           Static routesRoutes manually configured by the administrator.

·           FSPF routesRoutes discovered by the Fabric Shortest Path First (FSPF) protocol.

To display brief information about a routing table, use the display fc routing-table command as follows:

<Sysname> display fc routing-table vsan 1

Routing Table: VSAN 1

  Destinations : 6          Routes : 6

  Destination/mask   Protocol   Preference   Cost     Interface

  0x020000/8         FSPF       20           265      Vfc1

  0x120000/8         STATIC     10           0        Vfc2

  0xfffc01/24        DIRECT     0            0        InLoop0

  0xfffffa/24        DIRECT     0            0        InLoop0

  0xfffffc/24        DIRECT     0            0        InLoop0

  0xfffffd/24        DIRECT     0            0        InLoop0

...

A route entry includes the following key items:

·           Destination—Destination address of an FC frame.

·           mask—Together with the destination address, specifies the domain address of the destination node or FCF switch. A logical AND operation between the destination address and the network mask yields the domain address of the destination node or FCF switch. For example, if the destination address is 0x010001 and the mask is 0xFF0000, the domain address of the destination node or FCF switch is 0x010000. A network mask contains a certain number of consecutive 1s. It can be expressed in hexadecimal format or by the number of 1s.

·           ProtocolProtocol type, which can be DIRECT (direct routes), STATIC (static routes), or FSPF (FSPF routes).

·           PreferenceDirect routes, static routes, and FSPF routes might exist to the same destination. All these types of routes are assigned preferences. Direct routes have a preference of 0, static routes have a preference of 10, and FSPF routes have a preference of 20. The optimal route is the one with the highest priority (smallest preference value).

·           Cost—Cost of the route. For routes to the same destination and with the same preference, the route with the lowest cost is the optimal one. The cost of direct routes is 0. The costs of static routes and FSPF routes are configurable.

·           Interface—Specifies the interface through which a matching FC frame is to be forwarded out of the FCF switch.

FIB table contents

Each entry in the FIB table specifies the physical interface a packet destined for a certain destination node or FCF switch should go through to reach either of the following:

·           The next hop (the next FCF switch).

·           Directly-connected destination node.

To display FIB table information, use the display fc fib command as follows:

<Sysname> display fc fib vsan 1

FC FIB information in VSAN 1:

  Destination count: 6

  FIB entry count: 6

 

  Destination/Mask              Interface

  0x020000/8                    Vfc1

  0x120000/8                    Vfc2

  0xfffc01/24                   InLoop0

  0xfffffa/24                   InLoop0

  0xfffffc/24                   InLoop0

  0xfffffd/24                   InLoop0

The key items Destination, Mask, and Interface in an FIB table have the same meanings as those in a routing table.

Direct routes

The sources of direct routes include well-known addresses and the FC addresses that the local switch assigns to directly-connected N_Ports.

·           The well-known addresses are usually used to access FCF switches. For information about using common well-known addresses, see "Appendix B Well-known fabric addresses." All well-known addresses are added to the routing table as the destination addresses of direct routes. The direct route includes the following settings:

?  The destination address is a well-known address.

?  The mask is 0xFFFFFF.

?  The outgoing interface is InLoop0.

·           When an FCF switch assigns FC addresses to directly connected N_Ports, the FCF switch also adds the direct routes of these addresses to the routing table. The direct route includes the following settings:

?  The destination address is an assigned FC address.

?  The mask is 0xFFFFFF.

?  The outgoing interface is the VFC interface connected to the N_Port.

Static routes

Static routes are manually configured by the administrator. After you configure a static route, FC frames to the destination specified in the static route are forwarded along the specified path.

In a simple network, static routes are enough for implementing network connectivity. By correctly setting up and using static routes, you can improve network performance and guarantee bandwidth for critical network applications.

Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually.

Static routes support equal-cost routes. When you configure multiple equal-cost static routes to the same destination but with different outgoing interfaces, equal-cost routes are generated.

FSPF routes

FSPF is a route selection protocol based on link states. FSPF can automatically calculate the best path between any two switches in a fabric.

FSPF has the following characteristics:

·           Can be used for any topology.

·           Supports equal-cost routes.

·           Performs topology calculations on a per-VSAN basis.

·           Runs only on E_Ports and provides a loop-free topology.

·           Provides a topology database on each switch to track the state of all links.

·           Uses the Dijkstra algorithm to calculate routes.

·           Provides fast convergence in the event of topology changes.

Basic concepts

·           LSDB—The link state database (LSDB) stores global topology information for switches and link state information of all switches in link state records (LSRs).

·           LSR—An LSR describes information about all link states between a switch and its directly connected switches.

Each LSR generated by a switch is called an LSR instance. LSRs generated by all switches comprise the LSDB. An LSR contains one or more pieces of link state information, including the following:

?  LSR hold time.

?  Domain ID of the switch advertising the LSR.

?  LSR instance number. Every time an LSR is updated, the instance number increments by 1.

?  Link ID, which identifies a link and includes the domain ID of the switch at the peer end of the link.

?  Source interface and destination interface of the link.

?  Link type, for example, point-to-point connection.

?  Cost for packet transmission over the link. The smaller the cost, the better the link. The route selection algorithm uses this value to determine the best route. The interface cost is configurable.

FSPF packet types

The following protocol packets are used in FSPF:

·           Hello packets—Sent periodically to discover and maintain FSPF neighbors.

·           Link state update (LSU)—Advertises local link state information in LSRs to the neighboring switches.

·           Link state acknowledgment (LSA)—Acknowledges the received LSR.

After receiving an LSU, a switch needs to acknowledge its LSR with an LSA. Otherwise, the neighboring switch retransmits the LSR.

How FSPF works

FSPF works as follows:

1.      The switch periodically sends hello packets to establish neighbor relationships with other switches.

2.      After establishing neighbor relationships, the switches synchronize LSDBs by exchanging all LSRs in their respective LSDBs. A switch carries LSRs in LSUs and acknowledges received LSRs with LSAs.

3.      After the synchronization is complete, the LSDB in each switch contains LSRs of all switches in the fabric.

4.      The switch uses the Dijkstra algorithm to calculate the shortest paths to other switches based on the local LSDB. Then, it determines the outgoing interfaces and generates an FSPF routing table.

5.      When the network topology or link state changes, the switch floods a new LSR to its neighboring switches. After receiving the LSR, the neighboring switches add it to their LSDBs and flood it to their respective neighbors. In this way, all switches in the fabric receive that LSR.

6.      Local LSDB updating results in SPF calculation. The calculated shortest path tree list is updated to the FSPF routing table.

Configuring static FC routes

Configuration restrictions and guidelines

When you configure static FC routes, follow these restrictions and guidelines:

·           The destination address of a static FC route is in the range of 010000 to EFFFFF (hexadecimal). You cannot configure a route with a well-known address as the destination address.

·           The outgoing interface of a static FC route can be a VFC interface.

·           If you configure two routes with the same destination address, mask, and outgoing interface, but with different costs, the route configured later applies.

·           The maximum number of static routes allowed in a VSAN is 256.

Configuration procedure

To configure a static FC route:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Configure a static FC route.

fc route-static fcid { mask | mask-length } interface-type interface-number [ cost cost-value ]

By default, no static FC route exists.

 

Configuring FSPF

FSPF is enabled by default. Typically, no special configuration is required.

You can change FSPF parameters on a per-VSAN or per-interface basis.

FSPF configuration task list

Tasks at a glance

Change FSPF parameters for a VSAN in VSAN view

·          (Required.) Enabling FSPF

·          (Optional.) Setting the shortest SPF calculation interval

·          (Optional.) Setting the minimum LSR arrival interval

·          (Optional.) Setting the minimum LSR refresh interval

(Optional.) Change FSPF parameters for an interface in E_Port interface view

·          Setting the FSPF cost for an interface

·          Setting the hello interval for an interface

·          Setting the dead interval for an interface

·          Setting the LSR retransmission interval for an interface

·          Disabling FSPF for an interface

(Optional.) Configuring FSPF GR

·          Configuring the GR restarter

·          Configuring the GR helper

 

Enabling FSPF

FSPF-related features can work in a VSAN only after you enable FSPF in the VSAN.

To enable FSPF:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Enable FSPF in the VSAN.

fspf enable

By default, FSPF is enabled after a VSAN is created.

 

Setting the shortest SPF calculation interval

SPF calculations occur when the LSDB changes. To limit the CPU resources consumed by frequent SPF calculations, you can change the shortest SPF calculation interval.

The shortest SPF calculation interval defines the minimum interval between two consecutive SPF calculations. A smaller value means that FSPF responds faster to fabric changes by recalculating routes in a VSAN, but it requires more CPU resources.

To set the shortest SPF calculation interval:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Set the shortest SPF calculation interval.

fspf spf-hold-time value

The default setting is 0 seconds.

 

Setting the minimum LSR arrival interval

The minimum LSR arrival interval specifies the interval between received LSR updates in a VSAN. Any LSR updates that arrive before this interval are dropped. This helps avoid frequent SPF calculations caused by LSDB updating.

To set the minimum LSR arrival interval:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Set the minimum LSR arrival interval.

fspf min-ls-arrival value

The default setting is 1 second.

 

Setting the minimum LSR refresh interval

The minimum LSR refresh interval specifies the interval at which LSRs are refreshed. To reduce SPF calculations and LSR flooding in a fabric caused by frequent LSR refreshing, the switch cannot refresh local LSRs within this interval.

To set the minimum LSR refresh interval:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Set the minimum LSR refresh interval.

fspf min-ls-interval value

The default setting is 5 seconds.

 

Setting the FSPF cost for an interface

Each link has a cost. The route selection algorithm uses this value to determine the best route. The smaller the interface FSPF cost, the smaller the link cost.

To set the FSPF cost for an interface:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VFC interface view.

interface vfc interface-number

N/A

3.      Set the FSPF cost for the interface in a VSAN.

fspf cost value vsan vsan-id

The default setting for VFC interfaces is 100.

 

Setting the hello interval for an interface

The hello interval specifies the time between the hello packets sent periodically by the switch to discover and maintain neighbor relationships.

 

 

NOTE:

The hello interval must be smaller than the dead interval and must be the same at the two ends of the link.

 

To set the hello interval for an interface:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VFC interface view.

interface vfc interface-number

N/A

3.      Set the hello interval for the interface in a VSAN.

fspf hello-interval value vsan vsan-id

The default setting is 20 seconds.

 

Setting the dead interval for an interface

After two switches establish a neighbor relationship, they send hello packets at the hello interval to each other to maintain the neighbor relationship. The dead interval specifies the interval during which at least one hello packet must be received from a neighbor before the neighbor is considered nonexistent and removed.

 

 

NOTE:

The dead interval must be greater than the hello interval and must be the same at the two ends of the link.

 

To set the dead interval for an interface:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VFC interface view.

interface vfc interface-number

N/A

3.      Set the dead interval for the interface in a VSAN.

fspf dead-interval value vsan vsan-id

The default setting is 80 seconds.

 

Setting the LSR retransmission interval for an interface

The LSR retransmission interval specifies the time to wait for an LSR acknowledgment from the neighbor before retransmitting the LSR.

To set the LSR retransmission interval for an interface:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VFC interface view.

interface vfc interface-number

N/A

3.      Set the LSR retransmission interval for the interface in a VSAN.

fspf retransmit-interval value vsan vsan-id

The default setting is 5 seconds.

 

Disabling FSPF for an interface

With FSPF enabled, an interface can participate in SPF calculation. To avoid SPF calculations on an interface, disable FSPF on the interface.

To disable FSPF on an interface:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VFC interface view.

interface vfc interface-number

N/A

3.      Disable FSPF for the interface in a VSAN.

fspf silent vsan vsan-id

By default, FSPF is enabled on all interfaces.

 

Configuring FSPF GR

FSPF graceful restart (GR) enables nonstop forwarding of traffic by backing up FSPF configuration information in the following situations:

·           A protocol restart (for example, the FSPF process restart triggered by the process command).

·           An active/standby switchover.

GR involves the following roles:

·           GR restarter—GR-capable device where a protocol restart or active/standby switchover occurs.

·           GR helperThe GR restarter's neighboring device that assists in the GR process.

Configuring the GR restarter

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enable FSPF GR.

fspf graceful-restart

By default, FSPF GR is disabled.

3.      Set the maximum FSPF GR interval.

fspf graceful-restart interval interval-value

The default setting is 120 seconds.

 

Configuring the GR helper

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enable FSPF GR helper.

fspf graceful-restart helper

By default, FSPF GR helper is enabled.

 

Displaying and maintaining FC routing and forwarding

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display FC routing table information.

display fc routing-table [ vsan vsan-id ] [ statistics | verbose ]

display fc routing-table vsan vsan-id fc-id [ mask | mask-length ] [ verbose ]

Display FC FIB table information.

display fc fib [ fcid [ mask-length ] ] vsan vsan-id

Display FC Exchange table information.

display fc exchange { link | protocol } [ slot slot-number ]

display fc exchange link verbose [ slot slot-number [ exid exid ] ]

Display FSPF neighbor information.

display fspf neighbor [ vsan vsan-id ]

Display link state database information.

display fspf lsdb [ vsan vsan-id ]

Display FSPF GR state information.

display fspf graceful-restart [ vsan vsan-id ]

Display FSPF statistics.

display fspf statistics [ vsan vsan-id ]

Clear FSPF statistics.

reset fspf counters [ vsan vsan-id ]

 

FC routing configuration examples

Static FC routing configuration example

Network requirements

As shown in Figure 21, configure static routes to enable any two FCF switches in the fabric to communicate with each other.

Figure 21 Network diagram

 

Configuration procedure

1.      Configure Switch A:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchA] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchA] quit

# Reboot the switch.

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchA> system-view

[SwitchA] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 1.

[SwitchA] vsan 1

[SwitchA-vsan1] domain configure enable

# Set the domain ID to 1 in VSAN 1.

[SwitchA-vsan1] domain-id 1 static

[SwitchA-vsan1] quit

# Create interface VFC 1.

[SwitchA] interface vfc 1

# Set the mode of VFC 1 to E.

[SwitchA-Vfc1] fc mode e

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchA-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 1 as a trunk port.

[SwitchA-Vfc1] port trunk vsan 1

[SwitchA-Vfc1] quit

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 10.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 1.

[SwitchA] vlan 10

[SwitchA-vlan10] fcoe enable vsan 1

[SwitchA-vlan10] quit

# Configure two static routes in VSAN 1.

[SwitchA] vsan 1

[SwitchA-vsan1] fc route-static 020000 8 vfc 1

[SwitchA-vsan1] fc route-static 030000 8 vfc 1

2.      Configure Switch B:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchB> system-view

[SwitchB] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchB] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchB] quit

# Reboot the switch.

<SwitchB> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchB> system-view

[SwitchB] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 1.

[SwitchB] vsan 1

[SwitchB-vsan1] domain configure enable

# Set the domain ID to 2 in VSAN 1.

[SwitchB-vsan1] domain-id 2 static

[SwitchB-vsan1] quit

# Create interface VFC 1.

[SwitchB] interface vfc 1

# Set the mode of VFC 1 to E.

[SwitchB-Vfc1] fc mode e

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchB-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 1 as a trunk port.

[SwitchB-Vfc1] port trunk vsan 1

[SwitchB-Vfc1] quit

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 10.

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10

[SwitchB-Ten-GigabitEthernet1/0/1] quit

# Create interface VFC 2.

[SwitchB] interface vfc 2

# Set the mode of VFC 2 to E.

[SwitchB-Vfc2] fc mode e

# Bind VFC 2 to interface Ten-GigabitEthernet 1/0/2.

[SwitchB-Vfc2] bind interface ten-gigabitethernet 1/0/2

# Assign VFC 2 to VSAN 1 as a trunk port.

[SwitchB-Vfc2] port trunk vsan 1

[SwitchB-Vfc2] quit

# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 10.

[SwitchB] interface ten-gigabitethernet 1/0/2

[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 10

[SwitchB-Ten-GigabitEthernet1/0/2] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 1.

[SwitchB] vlan 10

[SwitchB-vlan10] fcoe enable vsan 1

[SwitchB-vlan10] quit

# Configure two static routes in VSAN 1.

[SwitchB] vsan 1

[SwitchB-vsan1] fc route-static 010000 8 vfc 1

[SwitchB-vsan1] fc route-static 030000 8 vfc 2

3.      Configure Switch C:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchC> system-view

[SwitchC] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchC] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchC] quit

# Reboot the switch.

<SwitchC> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchC> system-view

[SwitchC] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 1.

[SwitchC] vsan 1

[SwitchC-vsan1] domain configure enable

# Set the domain ID to 3 in VSAN 1.

[SwitchC-vsan1] domain-id 3 static

[SwitchC-vsan1] quit

# Create interface VFC 2.

[SwitchC] interface vfc 2

# Set the mode of VFC 2 to E.

[SwitchC-Vfc2] fc mode e

# Bind VFC 2 to interface Ten-GigabitEthernet 1/0/2.

[SwitchC-Vfc2] bind interface ten-gigabitethernet 1/0/2

# Assign VFC 2 to VSAN 1 as a trunk port.

[SwitchC-Vfc2] port trunk vsan 1

[SwitchC-Vfc2] quit

# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 10.

[SwitchC] interface ten-gigabitethernet 1/0/2

[SwitchC-Ten-GigabitEthernet1/0/2] port link-type trunk

[SwitchC-Ten-GigabitEthernet1/0/2] port trunk permit vlan 10

[SwitchC-Ten-GigabitEthernet1/0/2] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 1.

[SwitchC] vlan 10

[SwitchC-vlan10] fcoe enable vsan 1

[SwitchC-vlan10] quit

# Configure two static routes in VSAN 1.

[SwitchC] vsan 1

[SwitchC-vsan1] fc route-static 010000 8 vfc 2

[SwitchC-vsan1] fc route-static 020000 8 vfc 2

Verifying the configuration

# Display the FC routing table in VSAN 1 on Switch A.

[SwitchA-vsan1] display fc routing-table vsan 1

Routing Table: VSAN 1

  Destinations : 6          Routes : 6

  Destination/mask   Protocol   Preference   Cost     Interface

  0x020000/8         STATIC     10           0        Vfc1

  0x030000/8         STATIC     10           0        Vfc1

  0xfffc01/24        DIRECT     0            0        InLoop0

  0xfffffa/24        DIRECT     0            0        InLoop0

  0xfffffc/24        DIRECT     0            0        InLoop0

  0xfffffd/24        DIRECT     0            0        InLoop0

# Display the FC routing table in VSAN 1 on Switch B.

[SwitchB-vsan1] display fc routing-table vsan 1

Routing Table: VSAN 1

  Destinations : 6          Routes : 6

  Destination/mask   Protocol   Preference   Cost     Interface

  0x010000/8         STATIC     10           0        Vfc1

  0x030000/8         STATIC     10           0        Vfc2

  0xfffc02/24        DIRECT     0            0        InLoop0

  0xfffffa/24        DIRECT     0            0        InLoop0

  0xfffffc/24        DIRECT     0            0        InLoop0

  0xfffffd/24        DIRECT     0            0        InLoop0

# Display the FC routing table in VSAN 1 on Switch C.

[SwitchC-vsan1] display fc routing-table vsan 1

Routing Table: VSAN 1

  Destinations : 6          Routes : 6

  Destination/mask   Protocol   Preference   Cost     Interface

  0x010000/8         STATIC     10           0        Vfc2

  0x020000/8         STATIC     10           0        Vfc2

  0xfffc03/24        DIRECT     0            0        InLoop0

  0xfffffa/24        DIRECT     0            0        InLoop0

  0xfffffc/24        DIRECT     0            0        InLoop0

  0xfffffd/24        DIRECT     0            0        InLoop0

# FCping Switch C from Switch A.

[SwitchA-vsan1] fcping fcid fffc03 vsan 1

FCPING fcid 0xfffc03: 128 data bytes, press CTRL_C to break

Reply from 0xfffc03: bytes = 128 time = 23 ms

Reply from 0xfffc03: bytes = 128 time = 9 ms

Reply from 0xfffc03: bytes = 128 time = 19 ms

Reply from 0xfffc03: bytes = 128 time = 14 ms

Reply from 0xfffc03: bytes = 128 time = 25 ms

 

--- 0xfffc03 fcping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 9/18/25 ms

FSPF configuration example

Network requirements

As shown in Figure 22, configure FSPF to enable the two FCF switches to communicate with each other.

Figure 22 Network diagram

 

Configuration procedure

This section describes only FC routing configurations.

1.      Configure Switch A:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchA] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchA] quit

# Reboot the switch.

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchA> system-view

[SwitchA] fcoe-mode fcf

# Create VSAN 2, and enable the fabric configuration feature in VSAN 2.

[SwitchA] vsan 2

[SwitchA-vsan2] domain configure enable

# Set the domain ID to 1 in VSAN 2.

[SwitchA-vsan2] domain-id 1 static

# Enable FSPF in VSAN 2.

[SwitchA-vsan2] fspf enable

[SwitchA-vsan2] quit

# Create interface VFC 1.

[SwitchA] interface vfc 1

# Set the mode of VFC 1 to E.

[SwitchA-Vfc1] fc mode e

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchA-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 2 as a trunk port.

[SwitchA-Vfc1] port trunk vsan 2

[SwitchA-Vfc1] quit

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 10.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 2.

[SwitchA] vlan 10

[SwitchA-vlan10] fcoe enable vsan 2

[SwitchA-vlan10] quit

# Enable FSPF for VFC 1.

[SwitchA] interface vfc 1

[SwitchA-Vfc1] undo fspf silent vsan 2

[SwitchA-Vfc1] quit

2.      Configure Switch B:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchB> system-view

[SwitchB] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchB] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchB] quit

# Reboot the switch.

<SwitchB> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchB> system-view

[SwitchB] fcoe-mode fcf

# Create VSAN 2, and enable the fabric configuration feature in VSAN 2.

[SwitchB] vsan 2

[SwitchB-vsan2] domain configure enable

# Set the domain ID to 2 in VSAN 2.

[SwitchB-vsan2] domain-id 2 static

# Enable FSPF in VSAN 2.

[SwitchB-vsan2] fspf enable

[SwitchB-vsan2] quit

# Create interface VFC 1.

[SwitchB] interface vfc 1

# Set the mode of VFC 1 to E.

[SwitchB-Vfc1] fc mode e

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchB-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 2 as a trunk port.

[SwitchB-Vfc1] port trunk vsan 2

[SwitchB-Vfc1] quit

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 10.

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10

[SwitchB-Ten-GigabitEthernet1/0/1] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 2.

[SwitchB] vlan 10

[SwitchB-vlan10] fcoe enable vsan 2

[SwitchB-vlan10] quit

# Enable FSPF for VFC 1.

[SwitchB] interface vfc 1

[SwitchB-Vfc1] undo fspf silent vsan 2

[SwitchB-Vfc1] quit

Verifying the configuration

# Display the FSPF neighbor information for Switch A.

[SwitchA] display fspf neighbor

FSPF neighbor information of VSAN 2(01):

  Interface   NbrDomain   IfIndex   NbrIfIndex   Dead Time   State

  Vfc1        2           0x68      0x68         00:01:06    Full

# Display the FC routing table for Switch A.

[SwitchA] display fc routing-table vsan 2

Routing Table: VSAN 2

  Destinations : 5          Routes : 5

  Destination/mask   Protocol   Preference   Cost     Interface

  0x020000/8         FSPF       20           100      Vfc1

  0xfffc01/24        DIRECT     0            0        InLoop0

  0xfffffa/24        DIRECT     0            0        InLoop0

  0xfffffc/24        DIRECT     0            0        InLoop0

  0xfffffd/24        DIRECT     0            0        InLoop0

# FCping Switch B from Switch A.

[SwitchA] fcping fcid fffc02 vsan 2

FCPING fcid 0xfffc02: 128 data bytes, press CTRL_C to break.

Reply from 0xfffc02: bytes = 128 time = 1.102 ms

Reply from 0xfffc02: bytes = 128 time = 0.276 ms

Reply from 0xfffc02: bytes = 128 time = 0.253 ms

Reply from 0xfffc02: bytes = 128 time = 0.270 ms

Reply from 0xfffc02: bytes = 128 time = 0.247 ms

 

--- 0xfffc02 fcping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 0.247/0.430/1.102 ms

The output shows that Switch A can reach Switch B.

 


Configuring FC zones

Overview

The VSAN feature divides a physical SAN into multiple VSANs, which are separated from one another, and provides more secure, reliable, and flexible services. A VSAN, however, cannot perform access control over the servers and disk devices (or the N_Ports) connected to a fabric. N_Ports in the same VSAN can access one another only if these N_Ports register name services. This creates data security risks.

Zoning can solve the security problem by dividing a VSAN into zones and adding N_Ports or F_Ports to different zones for different purposes. In this way, N_Ports in different zones are separated to implement access control.

Adding an F_Port to a zone adds all N_Ports that log in through the F_Port to that zone.

Zoning mode

Two zoning modes are available: basic zoning and enhanced zoning.

Table 4 shows the differences between the two zoning modes.

Table 4 Differences between basic zoning and enhanced zoning

Basic zoning

Enhanced zoning

The default zone policy and hard zoning status are not distributed during the zone distribution process. You must manually configure these settings on all switches to ensure consistency across the fabric.

The default zone policy and hard zoning status are distributed throughout the fabric.

If a zone belongs to multiple zone sets, an instance of the zone is created in each zone set.

Zone sets can reference a defined zone, which reduces the payload of packets for zone merge or distribution.

Merge rules are simple.

Merge rules are complex and are affected by the merge control feature.

 

Zone database

To control access among N_Ports, you can assign N_Ports to different zones as needed, which comprise a zone set. The same N_Ports can form multiple zone sets according to different zone division policies. These zones and zone sets comprise a zone database.

Zone database structure

The zone database is organized into three levels, including zone set, zone, and zone member.

Figure 23 Zone database structure

 

In the zone database structure:

·           A zone set is a set of zones. A zone is a set of zone members, which are N_Ports or F_Ports.

?  N_Port membership can be identified by the port WWN (pWWN) or FC address of an N_Port.

?  F_Port membership can be identified by the WWN of an F_Port (fWWN).

·           Each VSAN can have multiple zone sets, each zone set can have multiple zones, and each zone can have multiple zone members.

·           Zone membership configuration supports use of zone aliases. A zone alias is a set of N_Ports, which can be considered as a whole. To simplify configuration, you can add common zone members in multiple zones to a zone alias, and use the zone alias in different zones to simplify configuration.

Active zone set

Each VSAN can have multiple zone sets, but only one zone set can be effective at a time. It is called the active zone set. Access control over N_Ports is subject to the active zone set.

To ensure consistent access control over N_Ports across a fabric basis, specify a zone set as the active zone set on a switch and distribute it to the entire fabric.

When you activate a zone set, a copy of the zone set at the time of activation is created and is called the active zone set. After that, modifications to the zone set do not take effect on the copy until the copy is reactivated. Figure 24 shows the relationship between active and full zone sets.

Figure 24 Active and full zone sets

 

In basic zoning mode, the system checks the size of the data to be distributed when you activate a zone set. If the size of the data exceeds the system limit, the activation fails, and an error message is displayed.

In enhanced zoning mode, the system does not limit the size of the data to be distributed.

Default zone

Registered N_Ports that are not in the active zone set automatically become part of the default zone. The N_Ports in zones of the active zone set are part of the active zone set.

If members of the default zone are allowed to access each other, the following events occur:

·           The default zone can be considered to be part of the active zone set.

·           The default zone participates in access control among N_Ports.

Otherwise, the default zone is not in the active zone set and does not participate in access control among the N_Ports.

In basic zoning mode, the switch does not distribute the default zone policy across the fabric. You must manually configure a consistent default zone policy across the fabric. In enhanced zoning mode, the switch distributes the default zone policy during the zone distribution process.

Peer zoning

A zone can be a peer zone or a common zone. Unless otherwise indicated, a zone in FC and FCoE refers to a common zone.

Peering zone is supported only in enhanced zoning mode.

You can define a peer zone on a target device by specifying a zone name, the principal member, and peer members. The switch automatically creates the defined peer zone when receiving related packets from the target device.

Each peer zone can have one principal member and multiple peer members. The principal member can communicate with all peer members. Any two peer members in a peer zone cannot communicate with each other unless they are allowed to communicate with each other in another zone.

Pairwise

The Pairwise feature is supported only in enhanced zoning mode.

Typically, servers do not need to access each other, and storage devices do not need to access each other. Without the Pairwise feature, an access entry is generated for each pair of members in a zone.

The Pairwise feature allows a member to access only members with a different role in the same zone.

There are two roles defined for zone members:

·           Initiator—Typically a server.

·           Target—Typically a storage device.

When the Pairwise feature is enabled, access entries are not generated for initiator-initiator pairs or target-target pairs, which saves hardware resources.

The Pairwise feature runs on a per-zone basis. A member can have different roles in different zones. When the Pairwise feature is disabled for a zone, member roles do not take effect in that zone.

When a member acts as an initiator, it can access target members. When a member acts as a target, it can access initiator members. When a member acts as both an initiator and a target, it can access both target members and initiator members.

Zone distribution in basic zoning mode

Zone distribution occurs when a switch distributes its zone database to all other switches in the same fabric. The distributing switch is called a managing switch, and all other switches are called managed switches.

In basic zoning mode, the following distribution types are provided:

·           Complete distributionDistributes both the active zone set and the zone database.

·           Incomplete distributionDistributes only the active zone set.

Zone distribution methods

You can distribute zones by using one of the following methods:

·           Activate a zone set on a switch by using the zoneset activate command. At the time of activation, the active zone set is distributed to all other switches.

If the size of the zone set exceeds the system limit, the activation fails.

This method determines whether to carry the zone database according to the configured distribution type.

·           Distribute the active zone set and the zone database directly by using the zoneset distribute command on a switch.

This method performs a complete distribution regardless of the configured distribution type.

Managed switches replace their respective active zone sets or zone databases with the received data, regardless of the distribution types configured on them. If a managed switch receives only the zone database, the managed switch does not retain its active zone set (if present) after replacement.

Zone distribution process

The managing switch completes data synchronization with each managed switch by using the following packets:

·           Acquire Change Authorization (ACA).

·           Stage Fabric Configuration Update (SFC).

·           Update Fabric Configuration (UFC).

·           Release Change Authorization (RCA).

These types of packets implement locking, data synchronization, submission, and unlocking processes, respectively. These processes ensure that only one switch is the managing switch when multiple users trigger a data distribution on different switches at the same time.

Figure 25 Distribution process

 

The distribution process is as follows:

1.      The managing switch sends an ACA request to each managed switch to lock the fabric and enters the locked state.

The ACA request contains a list of domain IDs known to the managing switch.

2.      A managed switch compares the list of domain IDs with those it knows.

?  If the list of domain IDs is the same as those known to the managed switch, the fabric is in stable state. In this case, the managed switch replies with an ACC (Accept) packet and enters the change authorization (locked) state.

 

IMPORTANT

IMPORTANT:

For a fabric to be stable, make sure the routes are correctly and consistently configured, and no unreachable routes exist.

 

?  If the managed switch has been in change authorization state or cannot process the ACA request, it replies with an RJT (Reject) packet.

3.      After receiving ACC packets from all managed switches, the managing switch sends an SFC request to each managed switch.

If the managing switch does not receive ACC packets from one or more managed switches, it sends an RCA request to notify each managed switch to release the change authorization state.

If the managed switch replies with neither an ACC packet nor an RJT packet because of its abnormal state, the managing switch cannot be released from its locked state. To prevent this situation, the managing switch transmits an ACA request up to three times.

?  If no reply is received, the managing switch releases its locked state.

?  If the managing switch becomes abnormal after sending an ACA request, the managed switch cannot receive subsequent packets. In this case, the managed switch releases its locked state after waiting for a period of time.

4.      The managing switch sends an SFC request to each managed switch. The SFC request carries data to be synchronized, including the active zone set and zone database information. After receiving the SFC request, the managed switch calculates the total numbers of zones, zone sets, and zone aliases.

?  If none of the total numbers exceed the limit, the managed switch replies with an ACC packet.

?  If any of the total numbers exceed the limit, the managed switch replies with an RJT packet.

5.      After receiving ACC packets from all managed switches, the managing switch sends a UFC request to each managed switch. The UFC request notifies the managed switches to replace their local data with the received data.

Otherwise, the managing switch sends an RCA request to notify each managed switch to release the change authorization state.

6.      After receiving the UFC request, the managed switch updates its local zone database. It replies with an ACC packet for a successful update and with an RJT packet for a failed update.

7.      After receiving ACC packets from all managed switches, the managing switch sends an RCA request to each managed switch.

8.      The managed switch releases its change authorization state and replies with an ACC packet.

9.      After receiving ACC packets from all managed switches, the managing switch releases its change authorization state.

Zone distribution in enhanced zoning mode

Enhanced zoning has the following differences from basic zoning in zone distribution:

·           Enhanced zoning distributes the zone policy and hard zoning status in addition to the active zone set and zone database.

The zone policy includes the merge control mode and default zone policy. For information about the merge control mode, see "Zone merge in enhanced zoning mode."

·           Enhanced zoning always performs complete distribution and does not support the zoneset distribute full command.

You can use the same zone distribution methods for basic zoning as used in enhanced zoning mode.

A zoning mode switchover between basic zoning and enhanced zoning also causes zone distribution. Switchover-triggered distribution distributes the active zone set, zone database, zone policy, and hard zoning status.

For both switchover-triggered distribution and zone distribution in enhanced zoning mode, the SFC request includes the zone policy whether or not the SFC request has the active zone set and zone database.

For zone distribution in enhanced zoning mode, the SFC request always has hard zoning status.

For zone distribution caused by a switchover from basic zoning to enhanced zoning, the SFC request carries hard zoning status.

For zone distribution caused by a switchover from enhanced zoning to basic zoning, the SFC request does not have hard zoning status.

Zone merge in basic zoning mode

When two fabrics are merged, zone data might exist in both fabrics. In this case, zone data needs to be merged. Zone data to be merged includes the active zone set and zone database.

Zone merge in basic zoning mode is subject to merge types. The following merge types are provided:

·           Complete mergeMerges both the active zone sets and zone databases.

·           Incomplete mergeMerges only the active zone sets.

When initiating a merge process, the switch checks its local merge type.

·           If it is configured with complete merge, it sends packets with both the active zone set and zone database.

·           If it is configured with incomplete merge, it sends packets with only the active zone set.

The merged switches merge all received data, regardless of their merge types.

 

 

NOTE:

The pWWN is a preferred choice over FC addresses to identify zone members, because FC addresses might change at fabric merge and the merge result might not be as expected.

 

Zone merge process

When a switch discovers a new neighbor (the link layer module discovers neighbors and notifies the zone module), it starts a merge process with the neighbor. If the data changes after merging, the switch sends the changed data to neighbor switches until all switches in the fabric update their data.

During the merge, the switch sends Merge Request Resource Allocation (MRRA) requests to negotiate the size of data transmitted. Then, the switch sends Merge Request (MR) packets containing data to be merged to neighbor switches.

Figure 26 Zone merge process between two switches

 

Switch A and Switch B are new neighbors to each other. Suppose that Switch A first initiates a merge to Switch B.

The zone merge process is as follows:

1.      Switch A sends an MRRA request carrying the size of its data to be merged to Switch B.

2.      After receiving the MRRA request, Switch B determines whether to accept the merge according to its local data size.

?  If the size of the data to be merged is acceptable, it replies with an ACC packet.

?  If the size of the data to be merged is not acceptable, it replies with an RJT packet.

3.      After receiving the ACC packet, Switch A sends an MR request containing its zone data to Switch B.

4.      After receiving the MR request, Switch B obtains the zone data and merges it with its local zone data.

5.      Switch B replies with an ACC packet for a successful merge or with an RJT packet containing the cause of failure for a failed merge.

6.      After the merge process initiated by Switch A is complete, the following rules apply:

?  If the local data of Switch B is the same as or a subset of the local data of Switch A, Switch B ends the merge process with Switch A.

?  If the local data of Switch B is not exactly the same as or a subset of that of Switch A, Switch B initiates a merge process with Switch A.

The merge process is the same as the process initiated by Switch A to Switch B, as shown in steps 5, 6, 7, and 8 in Figure 26.

7.      After the merge process initiated by Switch A is complete, Switch B initiates a merge process to all its neighbors. This synchronizes Switch B's local database changes resulting from the merge to the entire fabric.

8.      Two 1-way merge processes can ensure data consistency between Switch A and Switch B.

 

 

NOTE:

Consistent active zone sets among switches can be achieved by a merge. Consistent zone databases achieved after a merge, however, require all participating switches to be configured with complete merge.

 

Zone merge rules

Table 5 Zone merge rules

Local database

Neighbor database

Merge status

Merge result

The zone databases contain zone sets with the same name, but zones in these zone sets have different names.

Successful

The union of the local database and neighbor database. Zone sets with the same name are merged.

The zone databases contain zone sets with different names.

Successful

The union of the local database and neighbor database. All zone sets with different names are retained.

The zone databases contain zones or zone aliases with different names.

Successful

The union of the local database and neighbor database. All zone sets or zone aliases with different names are retained.

The Pairwise feature status is different for one or more of the zones with the same name in the active zone sets or zone databases.

Failed

Both databases remain unchanged.

The zone databases contain zones or zone aliases with the same name, but one or more of these zones or zone aliases have one or more different zone members.

Failed

Both databases remain unchanged.

Zones with the same name in the active zone set contain the same zone members, but one or more of these members have different roles.

Or

Zones or zone aliases with the same name in the zone databases contain the same zone members, but one or more of these members have different roles.

Failed

Both databases remain unchanged.

Empty

Contain data

Successful

The neighbor database overwrites the local database.

Contain data

Empty

Successful

The local database overwrites the neighbor database.

 

 

NOTE:

·       If two active zone sets have different names, the larger name obtained by  string comparison acts as the name of the active zone set after merging.

·       If the active zone sets on two switches fail to merge, the two switches isolate their connecting link by bringing down the relevant ports in the VSAN, in addition to keeping their zone databases unchanged.

 

Zone merge in enhanced zoning mode

Enhanced zoning has the following differences from basic zoning in zone merge:

·           Enhanced zoning always performs complete merges, regardless of the merge type.

·           The MR request has the hard zoning status and a merge flag field in addition to the active zone set and zone database.

The merge flag field includes the merge control mode and default zone policy.

·           In the event of a merge failure, the link between participating switches is isolated, and both zone databases remain unchanged.

·           Enhanced zoning has stricter rules than basic zoning.

The enhanced zoning mode includes the following merge rules:

·           If either the merge control mode or default zone policy is different from that in the local zone database, the merge will fail.

·           If both the merge control mode and default zone policy are the same as that in the local zone database, the following rules apply:

?  If the merge control mode is Restrict, the system checks whether the data carried in the MR request is the same as the local zone database.

-       If the data is the same as the local zone database, the merge will succeed, and both databases remain unchanged.

-       If the data is different from the local zone database, the merge will fail.

?  If the merge control mode is Allow, the following rules apply:

-       If the two active zone sets contain zones with the same name but one or more of these zones have one or more different zone members, the merge will fail.

-       If the two zone databases contain zone sets, zones, or zone aliases with the same name but one or more of them have one or more different members, the merge will fail.

-       If the two zone databases contain zone members with the same name but one or more of these members have different roles, the merge will fail.

-       If the two zone databases contain zones with the same name, but the Pairwise feature status is different for one or more of these zones, the merge will fail.

-       If hard zoning status is different in the two zone databases, the merge will fail.

-       If the two active zone sets contain zones with different names and none of the preceding conditions exist, the merge will succeed. The merged active zone set is the union of the two active zone sets.

-       If the two zone databases contain zone sets, zones, or zone aliases with different names and none of the preceding conditions exist, the merge will succeed. The merged zone database is the union of the two zone databases.

Access control

For a server to access a disk device through the name service, the server and the disk device must be in one zone of the active zone set. Only members in the same zone can access each other.

FC zone configuration task list

Tasks at a glance

Remarks

(Required.) Configuring a zoning mode

N/A

(Required.) Configuring the Pairwise feature

This task can be performed only in enhanced zoning mode.

(Optional.) Configuring zone aliases

N/A

(Required.) Configuring zones

N/A

(Required.) Configuring zone sets

N/A

(Optional.) Configuring a peer zone

N/A

(Required.) Configuring the default zone policy

N/A

(Required.) Setting the zone distribution and merge type

This task can be performed only in basic zoning mode.

(Required.) Configuring a merge control mode

This task can be performed only in enhanced zoning mode.

(Optional.) Enabling hard zoning

N/A

(Required.) Activating a zone set and distributing it to the entire fabric

N/A

(Optional.) Triggering a complete distribution

N/A

(Optional.) Renaming zone aliases, zones, and zone sets

N/A

(Optional.) Copying zone aliases, zones, and zone sets

N/A

(Optional.) Deleting the zone database

N/A

(Optional.) Enabling SNMP notifications

N/A

 

 

NOTE:

·       You cannot modify zone configurations during zone distribution or merge.

·       In a fabric, only one managing switch can initiate distribution at a time. The next distribution can be initiated only after the previous one is complete.

 

Configuring a zoning mode

Two zoning modes are available: basic zoning and enhanced zoning. By default, the basic zoning mode is enabled.

A zoning mode switchover causes a zone distribution to ensure zoning mode consistency across the fabric. You can enable the enhanced zoning mode only when all switches in the fabric support this mode.

When you switch between zoning modes, the system prints a message indicating that the switchover will cause a zone distribution.

·           If you enter No, no operation is performed.

·           If you enter Yes, the local switch changes the zoning mode and generates the corresponding configuration. Then, the local switch distributes the change to the entire fabric. If the distribution fails, the system prints a log message, and the change takes effect on the local switch. Therefore, you must manually trigger a complete distribution to ensure zoning mode consistency across the fabric.

If the size of the active zone set exceeds the system limit in basic zoning mode, enhanced zoning cannot switch to basic zoning.

To configure a zoning mode:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Configure a zoning mode.

·          Enable the enhanced zoning mode:
zon
e mode enhanced

·          Enable the basic zoning mode:
undo zone mode enhanced

By default, the basic zoning mode is enabled.

 

Configuring the Pairwise feature

This feature can be configured only in enhanced zoning mode.

This feature allows a member to access only members with a different role in the same zone. A member with both roles can access both initiator members and target members.

After you disable this feature for a zone, all members in the zone can access each other, regardless of member roles.

To configure the Pairwise feature:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Enter zone view.

zone name zone-name

N/A

4.      Configure the Pairwise feature.

·          Enable the Pairwise feature:
pairwise-zoning enable

·          Disable the Pairwise feature:
undo pairwise-zoning enable

By default, the Pairwise feature is disabled.

 

Configuring zone aliases

You can configure a maximum of 4000 zone aliases for all VSANs on a switch.

You can specify members of a zone alias by using their FC addresses, pWWNs, or fWWNs. An fWWN is the WWN of an F_Port. An F_Port member represents all N_Ports that log in through the F_Port. Any specified N_Port members can be indirectly connected to the switch.

You can specify the role of a member as an initiator, a target, or both when adding the member. The role can be configured only in enhanced zoning mode and takes effect only when the Pairwise feature is enabled.

To configure a zone alias:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Create a zone alias and enter its view.

zone-alias name zone-alias-name

By default, no zone aliases exist.

4.      Add a member to the zone alias.

member { fcid fcid | fwwn fwwn | pwwn pwwn } [ initiator | target ]

By default, no member exists in a new zone alias.

 

Configuring zones

You can configure a maximum of 4000 zones for all VSANs on a switch.

You can specify members of a zone by using their FC addresses, pWWNs, fWWNs, or zone aliases. An fWWN is the WWN of an F_Port. An F_Port member represents all N_Ports that log in through the F_Port. A zone alias represents a group of N_Ports. Any specified N_Port members can be indirectly connected to the switch. A member can belong to more than one zone.

You can specify the role of a member as an initiator, a target, or both when adding the member. The role can be configured only in enhanced zoning mode and takes effect only when the Pairwise feature is enabled.

To configure a zone:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Create a zone and enter its view.

zone name zone-name

By default, no zones exist.

4.      Add a member to the zone.

member { { fcid fcid | fwwn fwwn | pwwn pwwn } [ initiator | target ] | zone-alias zone-alias-name }

By default, no member exists in a new zone.

 

Configuring zone sets

You can configure a maximum of 128 zone sets for all VSANs on a switch.

To configure a zone set:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Create a zone set and enter its view.

zoneset name zoneset-name

By default, no zone sets exist.

4.      Add a zone to the zone set.

member zone-name

By default, no zone exists in a new zone set.

 

Configuring a peer zone

This feature allows you to convert a common zone to a peer zone and specify the principal member for the peer zone.

To configure a peer zone:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Create a zone and enter zone view.

zone name zone-name

By default, no zones exist.

4.      Convert the zone to a peer zone and specify the principal member for the peer zone.

zone-type peer-zone principal-member wwn

By default, a zone is a common zone.

 

Configuring the default zone policy

In enhanced zoning mode, the switch distributes the default zone policy with other zone data. In basic zoning mode, you must manually configure a consistent default zone policy across the fabric.

When the switch performs a zoning mode switchover, it also distributes the default zone policy with other zone data.

To configure the default zone policy:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Permit members in the default zone to access each other.

zone default-zone permit

Use one of the commands.

By default, default zone members are not permitted to access each other.

4.      Deny members in the default zone from accessing each other.

undo zone default-zone permit

 

Setting the zone distribution and merge type

Complete distribution (or merge) distributes (or merges) both the active zone set and zone database. Incomplete distribution (or merge) distributes (or merges) only the active zone set.

This feature is supported only in basic zoning mode. In enhanced zoning mode, the zone distribution and merge type is always complete, and this feature is not supported.

The set distribution type applies to distribution operations triggered by the zoneset activate command instead of the zoneset distribute command.

The set merge type applies to all merge operations.

To set the zone distribution and merge type:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Set the zone distribution and merge type to complete.

zoneset distribute full

The default setting is incomplete.

 

Configuring a merge control mode

Two merge control modes are available: Restrict and Allow. For information about these two modes, see "Zone merge in enhanced zoning mode."

In enhanced zoning mode, the merge control mode affects the result of a merge operation. Also, a merge operation is allowed only when the merge control mode is the same on both participating switches. Otherwise, the merge operation fails, and the link connecting the participating switches is isolated.

This feature is supported only in enhanced zoning mode. To ensure a consistent merge control mode across the fabric, use the zone activate or zone distribute command after you configure a merge control mode.

To configure a merge control mode:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Configure a merge control mode.

·          Configure the merge control mode as Restrict:
zone merge-control restrict

·          Configure the merge control mode as Allow:
undo zone merge-control restrict

The default merge control mode is Allow.

 

Enabling hard zoning

Overview

Switches implement zone access control in one of the following methods:

·           Soft zoning—When a registered node queries the nodes in the current fabric through generic service packets, soft zoning filters the nodes based on zone rules and returns only the matching nodes. Soft zoning is always in effect.

Because soft zoning is used only when a node accesses other nodes, it can restrict only the result of queries that a node initiates to switches, and it cannot directly control the underlayer traffic. When a node performs traffic attacks against the node that should be filtered by zone rules, soft zoning cannot perform access control for the node.

·           Hard zoning—Hard zoning converts the zone configurations into lower-layer driver rules and deploys the rules to the hardware to form hardware zone rules. Then, the traffic in the switch is forwarded strictly based on hardware zone rules. Hard zoning takes effect only when the hardware resources are sufficient for deploying zone rules.

When the hardware resources are not sufficient for deploying the hardware zone rules of the current VSAN, the system performs the following operations:

?  Clears all deployed hardware zone rules in order to keep the integrity of rules.

?  Automatically disables hard zoning.

To improve the security for a VSAN, you can enable hard zoning for the VSAN. After hard zoning is enabled for a VSAN, the system triggers deploying all zone rules of the VSAN. After hard zoning is manually disabled for a VSAN, the system clears the hardware zone rules already deployed for the VSAN and stops deploying new zone rules for the VSAN.

The two methods can work separately and supplement each other. They work together to implement node access control based on the zone configurations.

Configuration restrictions and guidelines

When you configure hard zoning, follow these restrictions and guidelines:

·           When soft zoning is enough for meeting the access control requirements of a VSAN, you can disable hard zoning for the VSAN to save the hardware entry resources.

·           In basic zoning mode, you must manually configure hard zoning to ensure consistency across the fabric. In enhanced zoning mode, zone distribution distributes hard zoning status with other zone data.

·           To view the hard zoning status, use the display zone status command.

·           Do not configure the zone hard-zoning enable command when the switch is merging or distributing zones.

Configuration procedure

To enable hard zoning:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Enable hard zoning.

zone hard-zoning enable

By default, hard zoning is enabled.

 

Activating a zone set and distributing it to the entire fabric

You can use the zoneset activate command to activate a zone set on a switch and distribute the active zone set to the entire fabric. Then, the active zone set is used to implement access control. The modifications to the active zone set do not take effect until reactivation.

The zone set to be activated must have been created and must contain at least one N_Port member. Only one active zone set can exist in a VSAN. In basic zoning mode, if the size of the active zone set exceeds the system limit, the activation fails.

In basic zoning mode, the distribution type specified by using the zoneset distribute full command applies to distribution operations triggered by the zoneset activate command. In enhanced zoning mode, the zoneset distribute full command is not supported, and the distribution type is always complete.

In either basic or enhanced zoning mode, the system prints a log message if the activation fails. To ensure a consistent active zone set across the fabric, reactivate the zone set.

To activate a zone set and distribute it to the entire fabric:

 

Step

Command

1.      Enter system view.

system-view

2.      Enter VSAN view.

vsan vsan-id

3.      Activate a zone set and distribute it to the entire fabric.

zoneset activate name zoneset-name

 

 

NOTE:

Active zone set information does not contain the alias names of zone members. If a zone in the active zone set has members with a zone alias, the non-overlapping N_Port members in the zone alias are added to the zone. You can view the zone member change by using the display zoneset active command.

 

Triggering a complete distribution

Use the zoneset distribute command to trigger a one-time complete distribution, which distributes both the active zone set and zone database. In enhanced zoning mode, the zone policy and hard zoning status are also distributed.

After activating a zone set by using the zoneset activate command, you can modify the zone database configuration. The zoneset distribute command distributes the active zone set and the modified zone database to the entire fabric without changing the active zone set.

If the distribution fails, the system prints a log message. To ensure zone data consistency across the fabric, perform a new distribution.

To trigger a complete distribution:

 

Step

Command

1.      Enter system view.

system-view

2.      Enter VSAN view.

vsan vsan-id

3.      Trigger a complete distribution.

zoneset distribute

 

Renaming zone aliases, zones, and zone sets

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Rename a zone alias.

zone-alias rename old-name new-name

The zone alias to be renamed must have been created, and the new zone alias must not have been created.

4.      Rename a zone.

zone rename old-name new-name

The zone to be renamed must have been created, and the new zone must not have been created.

5.      Rename a zone set.

zoneset rename old-name new-name

The zone set to be renamed must have been created, and the new zone set must not have been created.

 

Copying zone aliases, zones, and zone sets

You can create a zone alias, zone, or zone set by copying an existing one. The source and the destination have the same contents but different names.

To copy a zone alias, zone, and zone set:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Copy an existing zone alias to create a new zone alias.

zone-alias clone src-name dest-name

The source zone alias must have been created, and the destination zone alias must not have been created.

4.      Copy an existing zone to create a new zone.

zone clone src-name dest-name

The source zone must have been created, and the destination zone must not have been created.

5.      Copy an existing zone set to create a new zone set.

zoneset clone src-name dest-name

The source zone set must have been created, and the destination zone set must not have been created.

 

Deleting the zone database

You can delete the zone database for a VSAN, including all zone sets, zones, and zone aliases, but not the active zone set.

To delete the zone database:

 

Step

Command

1.      Enter system view.

system-view

2.      Enter VSAN view.

vsan vsan-id

3.      Delete the zone database.

delete zone database all

 

Enabling SNMP notifications

After you enable SNMP notifications for the zone module, the zone module generates notifications for important events and sends the notifications to the SNMP module. For more information about SNMP notifications, see Network Management and Monitoring Configuration Guide.

To enable SNMP notifications:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enable SNMP notifications for the zone module.

snmp-agent trap enable fc-zone [ activation-completed | defaultzone-change | hardzone-change | merge-failed | merge-succeeded ] *

By default, SNMP notifications for the zone module are disabled.

 

Displaying and maintaining FC zones

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display zone alias information.

display zone-alias [ [ name zone-alias-name ] vsan vsan-id ]

Display zone information.

display zone [ [ name zone-name ] vsan vsan-id ]

Display zone set information.

display zoneset [ [ name zoneset-name ] vsan vsan-id ]

Display information about the active zone set.

display zoneset active [ vsan vsan-id ]

Display parent information for a zone member.

display zone member { fcid fcid | pwwn pwwn | zone-alias zone-alias-name } [ vsan vsan-id ]

Display the running status and configuration of an FC zone.

display zone status [ vsan vsan-id ]

Display zone packet statistics.

display zone statistics [ vsan vsan-id ]

Clear zone packet statistics.

reset zone statistics [ vsan vsan-id ]

 

FC zone configuration example

Network requirements

As shown in Figure 27, all nodes have registered with the switches.

Configure access control in VSAN 1 to meet the following requirements:

·           Server A cannot access any disk but might need to subsequently.

·           Server B can access Disks A, B, and C.

·           Server C can access Disks B and C.

·           Servers cannot access each other.

Figure 27 Network diagram

 

Requirements analysis

To meet the network requirements, divide VSAN 1 into three zones as follows:

·           Assign Server A to zone Zone1.

·           Assign Server B and Disks A, B, and C to zone Zone2.

·           Assign Server C and Disks B and C to zone Zone3.

·           Enable Pairwise for Zone2, configure Server B as an initiator, and configure Disks A, B, and C as targets.

·           Enable Pairwise for Zone3, configure Server C as an initiator, and configure Disks B and C as targets.

·           Create a zone alias named Alias1, which contains Disks B and C, to simplify the configuration.

·           Create a zone set named Zoneset1, which contains zones Zone1, Zone2, and Zone3, and activate it.

Configuration procedure

This section describes only FC zone configurations on Switch A. You do not need to configure FC zones on Switch B.

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchA] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchA] quit

# Reboot the switch.

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchA> system-view

[SwitchA] fcoe-mode fcf

# Enable the enhanced zoning mode in VSAN 1.

[SwitchA] vsan 1

[SwitchA-vsan1] zone mode enhanced

The zoning database in this switch would be distributed throughout the fabric. Continue? [Y/N]:y

# Create a zone alias named Alias1.

[SwitchA-vsan1] zone-alias name Alias1

# Add pWWN 22:33:44:55:66:77:88:99 (Disk B) and FC ID 020004 (Disk C) as its target members.

[SwitchA-vsan1-zone-alias-Alias1] member pwwn 22:33:44:55:66:77:88:99 target

[SwitchA-vsan1-zone-alias-Alias1] member fcid 020004 target

[SwitchA-vsan1-zone-alias-Alias1] quit

# Create a zone named Zone1, and specify FC ID 010001 as its member.

[SwitchA-vsan1] zone name Zone1

[SwitchA-vsan1-zone-Zone1] member fcid 010001

[SwitchA-vsan1-zone-Zone1] quit

# Create a zone named Zone2, and enable the Pairwise feature for Zone2.

[SwitchA-vsan1] zone name Zone2

[SwitchA-vsan1-zone-Zone2] pairwise-zoning enable

# Specify FC ID 010002 and pWWN 11:22:33:44:55:66:77:88 as its initiator member and target member, respectively.

[SwitchA-vsan1-zone-Zone2] member fcid 010002 initiator

[SwitchA-vsan1-zone-Zone2] member pwwn 11:22:33:44:55:66:77:88 target

# Add zone alias Alias1 to Zone2 as a member.

[SwitchA-vsan1-zone-Zone2] member zone-alias Alias1

[SwitchA-vsan1-zone-Zone2] quit

# Create a zone named Zone3, and enable the Pairwise feature for Zone3.

[SwitchA-vsan1] zone name Zone3

[SwitchA-vsan1-zone-Zone3] pairwise-zoning enable

# Specify FC ID 010003 as its initiator member.

[SwitchA-vsan1-zone-Zone3] member fcid 010003 initiator

# Add zone alias Alias1 to Zone3 as a member.

[SwitchA-vsan1-zone-Zone3] member zone-alias Alias1

[SwitchA-vsan1-zone-Zone3] quit

# Create a zone set named Zoneset1, and add zones Zone1, Zone2, and Zone3 as its members.

[SwitchA-vsan1] zoneset name Zoneset1

[SwitchA-vsan1-zoneset-Zoneset1] member Zone1

[SwitchA-vsan1-zoneset-Zoneset1] member Zone2

[SwitchA-vsan1-zoneset-Zoneset1] member Zone3

[SwitchA-vsan1-zoneset-Zoneset1] quit

# Activate a zone set and distribute it to the entire fabric.

[SwitchA-vsan1] zoneset activate name Zoneset1

Verifying the configuration

Verify the configuration on either switch, for example, Switch B.

# Display zone set information for VSAN 1.

<SwitchB> display zoneset vsan 1

VSAN 1:

  zoneset name Zoneset1

    zone name Zone1

      fcid 0x010001

    zone name Zone2

      fcid 0x010002 initiator

      pwwn 11:22:33:44:55:66:77:88 target

      zone-alias Alias1

        fcid 0x020004 target

        pwwn 22:33:44:55:66:77:88:99 target

    zone name Zone3

      fcid 0x010003 initiator

      zone-alias Alias1

        fcid 0x020004 target

        pwwn 22:33:44:55:66:77:88:99 target

# Display information about the zone Zone2 in VSAN 1.

<SwitchB> display zone name Zone2 vsan 1

VSAN 1:

  zone name Zone2

    fcid 0x010002 initiator

pwwn 11:22:33:44:55:66:77:88 target

    zone-alias Alias1

      fcid 0x020004 target

      pwwn 22:33:44:55:66:77:88:99 target

# Display information about all zone aliases.

<SwitchB> display zone-alias

VSAN 1:

  zone-alias name Alias1

    fcid 0x020004 target

    pwwn 22:33:44:55:66:77:88:99 target

# Display the zone or zone alias to which 020004 (FC ID type) belongs.

<SwitchB> display zone member fcid 020004

fcid 0x020004

VSAN 1:

  zone-alias Alias1

    zone Zone2

    zone Zone3

# Display information about the active zone set in VSAN 1.

<SwitchB> display zoneset active vsan 1

VSAN 1:

  zoneset name Zoneset1

    zone name Zone1

      *fcid 0x010001

    zone name Zone2

      *fcid 0x010002

      *fcid 0x020004

      *fcid 0x020005 [pwwn 22:33:44:55:66:77:88:99]

      *fcid 0x020006 [pwwn 11:22:33:44:55:66:77:88]

    zone name Zone3

      *fcid 0x010003

      *fcid 0x020004

      *fcid 0x020005 [pwwn 22:33:44:55:66:77:88:99]

 


Configuring NPV

Overview

NPV enables an FC SAN to accommodate more than 239 switches.

NPV switches forward traffic from nodes to the core switch.

Figure 28 shows a typical NPV network diagram.

Figure 28 NPV network diagram

 

 

NOTE:

An NPV switch must be directly connected to the core switch.

 

Downlink interface and downlink

A downlink interface, also known as a server interface, is an interface through which an NPV switch connects to a node. It must be a VFC interface configured to operate in F mode.

A downlink is a link from an NPV switch to its node.

Each downlink interface is uniquely mapped to an operational uplink interface. All traffic from the node connected to the downlink interface is forwarded to the core switch through the uplink interface.

Uplink interface and uplink

An uplink interface, also known as an external interface, is the interface through which an NPV switch connects to the core switch. It must be a VFC interface configured to operate in NP mode.

An uplink is a link from an NPV switch to the core switch.

When the uplink becomes operational, the NPV switch sends a fabric login (FLOGI) packet to the core switch for registration. The core switch assigns the uplink interface (NP_Port) an FC address. Then, the NPV switch registers itself with the name server on the core switch. When receiving a packet from a node, the NPV switch performs the following operations:

·           Forwards the packet to the core switch through the mapped uplink interface.

·           Passes the response packet from the core switch to the node through the downlink interface.

Downlink-to-uplink interface mappings

NPV switches automatically map downlink interfaces to uplink interfaces. Before a downlink interface is brought up, the NPV switch maps it to the uplink interface to which the minimum number of downlink interfaces is mapped.

Typically, automatic mapping can meet your requirements. When a downlink interface must be connected to a fabric through the specified uplink interfaces, you can manually map the uplink interfaces. After you configure the mapping, the downlink interface can be mapped to only the configured uplink interfaces. If none of the configured uplink interfaces is operational, the downlink interface cannot be operational.

A configured mapping selects the uplink interface with the minimum load from configured uplink interfaces and then maps the downlink interface to it.

After a mapping is established, all traffic from the downlink interface is forwarded through the uplink interface.

Load balancing

Manual load balancing

When a new uplink interface becomes operational, the NPV switch does not perform a remapping for load balancing. In the event of remapping, the NPV switch reinitializes downlink interfaces. Then, the nodes connected to downlink interfaces register with the core switch again. This causes traffic interruption to the nodes.

You can trigger a remapping by using commands for better load balancing. In this case, the NPV switch reinitializes all downlink interfaces.

You can manually trigger a remapping for better load balancing when a new uplink interface becomes operational. In this case, the NPV switch reinitializes the downlink interfaces that are moved from one uplink interface to another uplink interface.

Automatic load balancing

When the system detects that a new uplink interface becomes operational, it starts a delay timer. When the timer expires, the system automatically redistributes downlink interfaces across all uplink interfaces. If another uplink interface becomes operational before the timer expires, the system resets the timer.

NPV configuration task list

Tasks at a glance

Remarks

(Required.) Perform either of the following tasks:

·          Configure the switch to operate in NPV mode

·          Configure a VSAN to operate in NPV mode:

a.   Configure the switch to operate in FCF-NPV mode

b.   Setting the operating mode for a VSAN

For information about configuring a switch to operate in NPV or FCF-NPV mode, see "FCoE configuration guidelines."

(Required.) Configuring uplink interfaces and downlink interfaces

N/A

(Optional.) Configuring downlink-to-uplink interface mappings

N/A

(Optional.) Manually initiating a disruptive load balancing process

N/A

(Optional.) Configuring automatic load balancing

N/A

 

Configuring uplink interfaces and downlink interfaces

After configuring the switch to operate in NPV mode, configure the uplink interfaces and downlink interfaces.

Configuring uplink interfaces

Uplink interfaces must be VFC interfaces in NP mode.

To configure an uplink interface:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VFC interface view.

interface vfc interface-number

This interface is connected to the core switch.

3.      Configure the mode of the interface to as NP.

fc mode np

The default setting is F mode on both NPV and FCF-NPV switches.

 

Configuring downlink interfaces

Downlink interfaces must be VFC interfaces in F mode.

To configure a downlink interface:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VFC interface view.

interface vfc interface-number

This interface is connected to a node.

3.      Configure the mode of the interface to as F.

fc mode f

The default setting is F mode on both NPV and FCF-NPV switches.

 

Configuring downlink-to-uplink interface mappings

CAUTION

CAUTION:

If an uplink interface mapped by a downlink interface is not in the configured mappings, the switch initializes the downlink interface, resulting in traffic interruption.

 

NPV switches automatically map downlink interfaces to uplink interfaces. Typically, automatic mapping can meet your requirements. When a downlink interface must be connected to a fabric through the specified uplink interfaces, you can manually map the downlink interface to the uplink interfaces.

After you configure the mapping, the downlink interface can be mapped to only the configured uplink interfaces. If none of the configured uplink interfaces is operational, the downlink interface cannot be operational. A configured mapping selects the uplink interface with the minimum load from configured uplink interfaces and then maps the downlink interface to it.

To configure a downlink-to-uplink interface mapping:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Configure a downlink-to-uplink interface mapping.

npv traffic-map server-interface interface-type interface-number external-interface interface-type interface-number

By default, no mapping is configured.

 

Manually initiating a disruptive load balancing process

When traffic is not distributed evenly among uplink interfaces in a VSAN, use this feature to redistribute downlink traffic across all uplink interfaces for better load balancing. Downlink interfaces that are moved to a different uplink interface are reinitialized. Traffic disruption occurs on the nodes connected to these moved downlink interfaces.

To initiate a disruptive load balancing process:

 

Step

Command

1.      Enter system view.

system-view

2.      Enter VSAN view.

vsan vsan-id

3.      Manually initiate a disruptive load balancing process.

npv load-balance disruptive

 

Configuring automatic load balancing

This feature automatically redistributes downlink interfaces across all uplink interfaces if the system detects new operational uplink interfaces. When the system detects a new operational uplink interface, the system starts a delay timer. When the timer expires, the system automatically redistributes downlink interfaces across all uplink interfaces. If another uplink interface becomes operational before the timer expires, the system resets the timer. The delay timer helps reduce network flapping caused by up/down events of uplink interfaces. If the link layer state of uplink interfaces is stable, set the delay timer to a smaller value. Otherwise, set the delay timer to a greater value.

This feature might trigger a load balancing process when a new uplink interface become operational, which causes traffic disruption.

When this feature is disabled, downlink-to-uplink interface mappings are not affected.

To configure automatic load balancing:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Enable automatic load balancing.

npv auto-load-balance enable

By default, automatic load balancing is disabled.

4.      Set the delay timer for automatic load balancing.

npv auto-load-balance-interval interval

The default setting is 30 seconds.

 

Displaying and maintaining NPV

Execute display commands in any view.

 

Task

Command

Display the login information for NP_Ports.

display fc nport [ interface interface-type interface-number ]

Display the nodes on downlink interfaces and their mapped uplink interfaces.

display npv login [ vsan vsan-id ] [ interface interface-type interface-number ]

display npv login [ vsan vsan-id ] count

Display the traffic mapping information.

display npv traffic-map [ vsan vsan-id ] [ interface interface-type interface-number ]

Display status information.

display npv status [ vsan vsan-id ]

 

NPV configuration example

Network requirements

As shown in Figure 29, configure the edge switch (Switch A) as an NPV switch to expand the network.

Figure 29 Network diagram

 

Configuration procedure

1.      Configure Switch A:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchA] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchA] quit

# Reboot the switch.

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in NPV mode.

<SwitchA> system-view

[SwitchA] fcoe-mode npv

# Create VSAN 1.

[SwitchA] vsan 1

[SwitchA-vsan1] quit

# Create interface VFC 1.

[SwitchA] interface vfc 1

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchA-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 1 as a trunk port.

[SwitchA-Vfc1] port trunk vsan 1

[SwitchA-Vfc1] quit

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 10.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Create interface VFC 2.

[SwitchA] interface vfc 2

# Bind VFC 2 to interface Ten-GigabitEthernet 1/0/2.

[SwitchA-Vfc2] bind interface ten-gigabitethernet 1/0/2

# Assign VFC 2 to VSAN 1 as a trunk port.

[SwitchA-Vfc2] port trunk vsan 1

[SwitchA-Vfc2] quit

# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 10.

[SwitchA] interface ten-gigabitethernet 1/0/2

[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 10

[SwitchA-Ten-GigabitEthernet1/0/2] quit

# Create interface VFC 3.

[SwitchA] interface vfc 3

# Bind VFC 3 to interface Ten-GigabitEthernet 1/0/3.

[SwitchA-Vfc3] bind interface ten-gigabitethernet 1/0/3

# Assign VFC 3 to VSAN 1 as a trunk port.

[SwitchA-Vfc3] port trunk vsan 1

[SwitchA-Vfc3] quit

# Configure Ten-GigabitEthernet 1/0/3 as a trunk port, and assign the port to VLAN 10.

[SwitchA] interface ten-gigabitethernet 1/0/3

[SwitchA-Ten-GigabitEthernet1/0/3] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/3] port trunk permit vlan 10

[SwitchA-Ten-GigabitEthernet1/0/3] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 1.

[SwitchA] vlan 10

[SwitchA-vlan10] fcoe enable vsan 1

[SwitchA-vlan10] quit

# Set the mode of the uplink port VFC 3 to NP.

[SwitchA] interface vfc 3

[SwitchA-Vfc3] fc mode np

[SwitchA-Vfc3] quit

# Set the mode of the downlink ports VFC 1 and VFC 2 to F.

[SwitchA] interface vfc 1

[SwitchA-Vfc1] fc mode f

[SwitchA-Vfc1] quit

[SwitchA] interface vfc 2

[SwitchA-Vfc2] fc mode f

[SwitchA-Vfc2] quit

2.      Configure Switch B:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchB> system-view

[SwitchB] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchB] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchB] quit

# Reboot the switch.

<SwitchB> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchB> system-view

[SwitchB] fcoe-mode fcf

# Create VSAN 1.

[SwitchB] vsan 1

[SwitchB-vsan1] quit

# Create interface VFC 3.

[SwitchB] interface vfc 3

# Configure the mode of VFC 3 as F.

[SwitchB-Vfc3] fc mode f

# Bind VFC 3 to interface Ten-GigabitEthernet 1/0/3.

[SwitchB-Vfc3] bind interface ten-gigabitethernet 1/0/3

# Assign VFC 3 to VSAN 1 as a trunk port.

[SwitchB-Vfc3] port trunk vsan 1

[SwitchB-Vfc3] quit

# Configure Ten-GigabitEthernet 1/0/3 as a trunk port, and assign the port to VLAN 10.

[SwitchB] interface ten-gigabitethernet 1/0/3

[SwitchB-Ten-GigabitEthernet1/0/3] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/3] port trunk permit vlan 10

[SwitchB-Ten-GigabitEthernet1/0/3] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 1.

[SwitchB] vlan 10

[SwitchB-vlan10] fcoe enable vsan 1

[SwitchB-vlan10] quit

Verifying the configuration

# Display the nodes on downlink interfaces and their mapped uplink interfaces.

[SwitchA] display npv login

Server                                                                  External

Interface VSAN FCID     Node WWN                Port WWN                Interface

Vfc1      1    0x010001 20:00:00:00:c8:00:e4:30 21:00:00:00:c8:60:e4:9a Vfc3

Vfc2      1    0x010002 20:00:00:00:c9:00:e4:30 21:00:00:00:c9:60:e4:9a Vfc3

# Display the status of Switch A.

[SwitchA] display npv status

External Interfaces:

  Interface: Vfc3    VSAN tagging mode: Tagging

    VSAN  State  FCID

    1     Up     0x010000

 

  Number of External Interfaces: 1

 

Server Interfaces:

  Interface : Vfc1    VSAN tagging mode: Tagging

    VSAN  State

    1     Up

 

  Interface : Vfc2    VSAN tagging mode: Tagging

    VSAN  State

    1     Up

 

  Number of Server Interfaces: 2

# Display the traffic mapping information on NPV switch Switch A.

[SwitchA] display npv traffic-map

NPV traffic map information of VSAN 1:

Server Interface       External Interface

Vfc1                   Vfc3

Vfc2                   Vfc3

 


Configuring FIP snooping

Overview

To communicate with devices in the FC SAN, a node must register with an FC fabric. An FCF switch has point-to-point connections with nodes. An FCF switch brings up an interface connected to a node only after the node completes fabric login on the interface.

In an FCoE implementation, Transit switches can be present between ENodes and FCF switches, so the connections between ENodes and FCF switches are no longer point-to-point. In this case, a node that has not performed fabric login might communicate with the FC SAN. For example, two ENodes are connected to one FCF switch through a Transit switch. After one ENode has registered with the FCF switch and the corresponding interface is brought up, the other ENode can also communicate with the FC SAN.

FCoE Initialization Protocol Snooping (FIP snooping) is a security feature that can run only on Transit switches in an FCoE network. By checking source MAC addresses of FCoE frames, FIP snooping enables a Transit switch to forward FCoE frames only between the following elements:

·           An ENode that has performed fabric login.

·           The FCF switch that has accepted its fabric login.

FIP snooping network diagram

Figure 30 shows a typical FIP snooping network diagram.

Figure 30 FIP snooping network diagram

 

Ethernet interfaces on a Transit switch can operate in ENode or FCF mode. An Ethernet interface connected to an ENode must be configured to operate in ENode mode. An Ethernet interface connected to an FCF switch must be configured to operate in FCF mode.

To control packet exchange between ENodes and FCF switches, perform the following tasks:

·           Enable FIP snooping.

·           Configure the Ethernet interfaces to operate in a correct mode on the Transit switch.

How FIP snooping works

After FIP snooping is enabled for a VLAN, Ethernet interfaces on the Transit switch establish FIP snooping rules according to FIP frames (with EtherType as 0x8914). Then, the Ethernet interfaces control the forwarding of FCoE frames (with EtherType as 0x8906) based on the FIP snooping rules.

To facilitate description, the following definitions are specified:

·           FIP snooping rules generated on an Ethernet interface operating in FCF mode are called FCF FIP snooping rules.

·           FIP snooping rules generated on an Ethernet interface operating in ENode mode are called ENode FIP snooping rules.

Establishing FIP snooping rules

FIP snooping rules are established when a virtual link is established between an ENode and an FCF switch. The following workflow is used to establish FIP snooping rules:

1.      After receiving an unsolicited Discovery Advertisement from an FCF switch, the Ethernet interface in FCF mode on the Transit switch performs the following operations:

a.    Generates an FCF FIP snooping rule based on the unsolicited Discovery Advertisement.

b.    Forwards the unsolicited Discovery Advertisement to the ENode.

The FCF FIP snooping rule allows FCoE frames meeting the following requirements to pass through:

?  The source MAC address is the MAC address in the unsolicited Discovery Advertisement (FCoE MAC address of the FCF switch).

?  The 24 most significant bits of the destination MAC address is the FC-MAP value configured for the VLAN.

2.      The Transit switch receives a Discovery Solicitation from the ENode on the Ethernet interface in ENode mode.

3.      The Transit switch forwards the Discovery Solicitation to the FCF switch through the Ethernet interface in FCF mode.

4.      The Transit switch receives a FIP FLOGI request from the ENode on the Ethernet interface in ENode mode.

5.      The Transit switch forwards the FIP FLOGI request to the FCF switch through the Ethernet interface in FCF mode.

6.      When forwarding the FLOGI LS_ACC packet from the FCF switch to the ENode, the Ethernet interface in ENode mode performs the following operations:

a.    Obtains the FC address assigned by the FCF switch to the ENode and the FCoE MAC address of the FCF switch.

b.    Generates an ENode FIP snooping rule.

The ENode FIP snooping rule allows FCoE frames meeting the following requirements to pass through:

?  The source MAC address is the FPMA (with FC-MAP as the 24 most significant bits and FC address as the 24 least significant bits).

?  The destination MAC address is the FCoE MAC address of the FCF switch.

FIP snooping rules exist as long as the virtual link is present, and they are deleted when you delete the virtual link.

Controlling forwarding of FCoE frames

After establishing FIP snooping rules, a Transit switch forwards only FCoE frames that match FIP snooping rules. As a result, only successfully registered ENodes can communicate with FCF switches.

FIP snooping configuration task list

Tasks at a glance

Remarks

(Required.) Configuring an FCoE mode

Configure the switch to operate in Transit mode.

(Required.) Enabling FIP snooping

N/A

(Required.) Setting the operating mode of an Ethernet interface

N/A

(Optional.) Setting the FC-MAP value for a VLAN

N/A

 

Enabling FIP snooping

FIP snooping is enabled on a per-VLAN basis.

To enable FIP snooping in a VLAN:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VLAN view.

vlan vlan-id

N/A

3.      Enable FIP snooping in the VLAN.

fip-snooping enable

By default, FIP snooping is disabled in a VLAN.

 

Setting the operating mode of an Ethernet interface

Ethernet interfaces on a Transit switch can operate in ENode mode or FCF mode. An Ethernet interface connected to an ENode must be configured to operate in ENode mode. An Ethernet interface connected to an FCF switch must be configured to operate in FCF mode.

To set the operating mode of an Ethernet interface:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.

interface interface-type interface-number

N/A

3.      Set the operating mode of the interface.

fip-snooping port-mode { enode | fcf }

The default setting is ENode mode.

 

Setting the FC-MAP value for a VLAN

The FC-MAP value identifies an FCoE network. Switches (including FCF switches and Transit switches) in the same FCoE network must have the same FC-MAP value.

You can use the fcoe fcmap command to set the FC-MAP value in frames sent out of an FCF switch. You can use the fip-snooping fc-map command to set an FC-MAP value for a VLAN on a Transit switch.

When an Ethernet interface in the FIP snooping VLAN receives a frame from the FCF switch, the following rules apply:

·           If the FC-MAP value in the incoming frame is the same as the value set for the FIP snooping VLAN, the Ethernet interface forwards the frame.

·           If the FC-MAP value in the incoming frame is different from the value set for the FIP snooping VLAN, the Ethernet interface drops the frame.

To set an FC-MAP value:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VLAN view.

vlan vlan-id

N/A

3.      Set an FC-MAP value.

fip-snooping fc-map fc-map

The default setting is 0x0EFC00.

 

Displaying and maintaining FIP snooping

Execute display commands in any view.

 

Task

Command

Display ENode information obtained by a Transit switch.

display fip-snooping enode [ vlan vlan-id ]

Display FCF switch information obtained by a Transit switch.

display fip-snooping fcf [ vlan vlan-id ]

Display the FIP snooping rules that have been flushed.

display fip-snooping rules [ enode | fcf ] [ vlan vlan-id ] [ slot slot-number ]

Display the FIP snooping rules that are being flushed.

display fip-snooping flushing-rules [ enode | fcf ] [ vlan vlan-id ]

Display information about FIP snooping sessions (connections between ENodes and FCF switches).

display fip-snooping sessions [ vlan vlan-id ]

 

FIP snooping configuration example

Network requirements

As shown in Figure 31, enable FIP snooping on the Transit switch for reliable communication between the ENode and FCF switch.

Figure 31 Network diagram

 

Configuration procedure

1.      Configure the Transit switch:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<Transit> system-view

[Transit] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[Transit] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[Transit] quit

# Reboot the switch.

<Transit> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in Transit mode.

<Transit> system-view

[Transit] fcoe-mode transit

# Enable FIP snooping in VLAN 10.

[Transit] vlan 10

[Transit-vlan10] fip-snooping enable

# Set the FC-MAP value to 0x0EFC01 for VLAN 10.

[Transit-vlan10] fip-snooping fc-map 0efc01

[Transit-vlan10] quit

# Configure interface Ten-GigabitEthernet 1/0/1 as a trunk port.

[Transit] interface ten-gigabitethernet 1/0/1

[Transit-Ten-GigabitEthernet1/0/1] port link-type trunk

# Assign the interface to VLAN 10.

[Transit-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10

# Configure the interface to operate in ENode mode.

[Transit-Ten-GigabitEthernet1/0/1] fip-snooping port-mode enode

[Transit-Ten-GigabitEthernet1/0/1] quit

# Configure interface Ten-GigabitEthernet 1/0/2 as a trunk port.

[Transit] interface ten-gigabitethernet 1/0/2

[Transit-Ten-GigabitEthernet1/0/2] port link-type trunk

# Assign the interface to VLAN 10.

[Transit-Ten-GigabitEthernet1/0/2] port trunk permit vlan 10

# Configure the interface to operate in FCF mode.

[Transit-Ten-GigabitEthernet1/0/2] fip-snooping port-mode fcf

[Transit-Ten-GigabitEthernet1/0/2] quit

2.      Configure the FCF switch:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<FCF> system-view

[FCF] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[FCF] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[FCF] quit

# Reboot the switch.

<FCF> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<FCF> system-view

[FCF] fcoe-mode fcf

# Set the FC-MAP value to 0x0EFC01.

[FCF] fcoe fcmap 0efc01

# Create VSAN 10.

[FCF] vsan 10

[FCF-vsan10] quit

# Create interface VFC 2.

[FCF] interface vfc 2

# Set the mode of VFC 2 to F.

[FCF-vfc2] fc mode f

# Assign VFC 2 to VSAN 10.

[FCF-vfc2] port trunk vsan 10

# Bind VFC 2 to interface Ten-GigabitEthernet 1/0/2.

[FCF-vfc2] bind interface ten-gigabitethernet 1/0/2

[FCF-Vfc2] quit

# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 10.

[FCF] interface ten-gigabitethernet 1/0/2

[FCF-Ten-GigabitEthernet1/0/2] port link-type trunk

[FCF-Ten-GigabitEthernet1/0/2] port trunk permit vlan 10

[FCF-Ten-GigabitEthernet1/0/2] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 10.

[FCF] vlan 10

[FCF-vlan10] fcoe enable vsan 10

Verifying the configuration

# Display ENode information obtained by the Transit switch.

[Transit] display fip-snooping enode

VLAN 10:

Interface   ENode WWN                  ENode MAC

XGE1/0/1    10:00:00:11:22:00:0d:01    0000-1234-0d01

# Display FCF switch information obtained by the Transit switch.

[Transit] display fip-snooping fcf

VLAN 10:

Interface   FCF MAC          FCF WWN                 Fabric Name                ENode

XGE1/0/2    0000-1234-0e01   10:00:00:11:22:00:0e:01 10:0a:00:11:22:00:0e:01    1

# Display information about FIP snooping sessions.

[Transit] display fip-snooping sessions

VLAN 10:

FCF MAC          ENode MAC         VN_Port MAC     VN_Port WWN

0000-1234-0e01   0000-1234-0d01    0efc-0001-0000  af:10:01:11:22:00:0d:01

# Display the FIP snooping rules that have been flushed.

Slot 1:

  VLAN 10:

    FCF rules information:

      Interface   Source MAC/Mask     Destination MAC/Mask   Context

      XGE1/0/2    0000-1234-0e01/48   0efc-0000-0000/24      ffffffff

    ENode rules information:

      Interface   Source MAC/Mask     Destination MAC/Mask   Context

      XGE1/0/1    0efc-0001-0000/48   0000-1234-0e01/48      ffffffff

 


Configuring port security

Overview

Typically, any device (a node or switch) in a SAN can log in to an FCF switch. The port security feature prevents unauthorized access to switch interfaces.

After you configure port security for a VSAN, the switch performs authorization checks on each device that attempts to log in based on the port security database.

·           If the device passes the authorization checks, it is allowed to log in.

·           If the device fails the authorization checks, it is denied.

Control scope

The port security feature allows you to control access of the following devices:

·           An N_Port specified by its pWWN.

·           An NP_Port specified by its pWWN.

·           A node specified by its nWWN (represents all N_Ports on the node).

·           An NPV switch specified by its nWWN (represents all NP_Ports on the NPV switch).

·           An FCF switch specified by its sWWN.

Port security database

A port security database stores device-interface binding entries. An entry specifies the interfaces through which a device can log in. Device-interface binding entries can be statically configured or automatically learned.

After you enable auto learning, the switch automatically learns binding entries for devices that log in. Enable auto learning when devices are secure. Enabling auto learning reduces manual configuration.

Methods of enabling auto learning

You can enable auto learning by using either of the following methods:

·           Enable auto learning while enabling port security. In this case, the switch learns binding entries for both devices already logged in and devices newly logged in. If you enable port security without enabling auto learning, devices already logged in are logged out.

·           Enable auto learning separately. In this case, the switch learns binding entries for only devices newly logged in.

Binding entry types

A port security database has the following types of binding entries:

·           Static entries—Manually configured and can overwrite learning and learned entries.

·           Learning entries—Automatically learned entries. A learning entry does not affect device login and is deleted when the corresponding device logs out. Learning entries cannot overwrite static or learned entries.

·           Learned entries—Converted from existing learning entries when auto learning is disabled. A learned entry affects device login and is not deleted when the corresponding device logs out.

Authorization checks

The switch determines whether to allow a device to log in by performing authorization checks as shown in Figure 32.

 

 

NOTE:

Both static and learned binding entries affect device login.

 

Figure 32 Authorization checks

 

After the switch denies a device, the switch shuts down the F_Port or isolates the E_Port connecting to the device. In this case, the F_Port or E_Port will not restore its state automatically even if you configure the F_Port or E_Port to allow the device. To allow a denied device, perform the following tasks:

1.      Configure a binding entry to allow the device.

2.      Execute the undo shutdown command to bring up the F_Port, or execute the shutdown and undo shutdown commands to bring up the E_Port.

For an E_Port, you can also execute the undo port trunk and port trunk commands to remove its isolated state.

Port security configuration task list

Tasks at a glance

(Required.) Enabling port security

(Required.) Perform one or both of the following tasks:

·          Configuring binding entries

·          Enabling auto learning

(Optional.) Converting learned entries to static entries

(Optional.) Enabling SNMP notifications for port security

 

Enabling port security

You can configure other port security settings only after you enable port security.

When you enable port security, you can also enable auto learning. In this case, the switch learns binding entries for both devices already logged in and devices newly logged in. If you enable port security without enabling auto learning, the switch logs out devices already logged in.

To enable port security:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Enable port security for the VSAN.

fc-port-security enable [ auto-learn ]

By default, port security is disabled for a VSAN.

 

Configuring binding entries

After you add or delete a binding entry, the switch performs authorization checks on devices already logged in.

·           If the device specified in the binding entry or a device on a specified interface passes authorization checks, the device is not logged out.

·           Otherwise, the device is logged out.

To configure binding entries:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Allow a pWWN to log in through the specified interfaces.

pwwn pwwn [ interface interface-list ]

By default, a pWWN is not allowed to log in through the specified interfaces.

4.      Allow an nWWN to log in through the specified interfaces.

nwwn nwwn [ interface interface-list ]

By default, an nWWN is not allowed to log in through the specified interfaces.

5.      Allow an sWWN to log in through the specified interfaces.

swwn swwn [ interface interface-list ]

By default, an sWWN is not allowed to log in through the specified interfaces.

6.      Allow any WWN to log in through the specified interfaces.

any-wwn interface interface-list

By default, WWNs are not allowed to log in through an interface.

 

Enabling auto learning

After you enable auto learning, all devices that are newly logged in are added to the port security database as learning entries. A learning entry does not affect device login and is deleted when the corresponding device logs out. When you disable auto learning, learning entries are converted to learned entries. A learned entry affects device login and is not deleted when the corresponding device logs out.

To enable auto learning:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enter VSAN view.

vsan vsan-id

N/A

3.      Enable auto learning for the VSAN.

fc-port-security auto-learn

By default, auto learning is disabled in a VSAN.

 

Converting learned entries to static entries

Learned entries do not survive a reboot. To make learned entries survive reboots, convert the learned entries to static entries.

To convert learned entries to static entries in a VSAN:

 

Step

Command

1.      Enter system view.

system-view

2.      Enter VSAN view.

vsan vsan-id

3.      Convert learned entries to static entries in the VSAN.

fc-port-security database copy

 

Enabling SNMP notifications for port security

After you enable SNMP notifications for port security, the port security module generates notifications for important events and sends the notifications to the SNMP module. For more information about SNMP notifications, see Network Management and Monitoring Configuration Guide.

To enable SNMP notifications for port security:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Enable SNMP notifications for port security.

snmp-agent trap enable fc-port-security [ violation-happen ]

By default, all SNMP notifications for port security are disabled.

 

Displaying and maintaining port security

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display binding entries in the port security database.

display fc-port-security database { all | auto-learn | static } [ interface interface-type interface-number ] [ vsan vsan-id ]

Display port security statistics.

display fc-port-security statistics [ vsan vsan-id ]

Display the status of port security and auto learning.

display fc-port-security status [ vsan vsan-id ]

Display security violation entries.

display fc-port-security violation [ vsan vsan-id ]

Clear binding entries in the port security database.

reset fc-port-security database { all | auto-learn | static } [ interface interface-type interface-number ] vsan vsan-id

Clear port security statistics.

reset fc-port-security statistics vsan vsan-id

 

Port security configuration example

Network requirements

As shown in Figure 33, the pWWN and nWWN of Server A are 20:36:44:78:66:77:ab:97 and 10:36:44:78:66:77:ab:97, respectively. The pWWN and nWWN of Server B are 20:33:44:78:66:77:ab:96 and 10:33:44:78:66:77:ab:96, respectively. The sWWNs of Switch A, Switch B, and Switch C are 10:83:45:87:66:19:ea:91, 10:83:45:87:66:19:bc:92, and 10:83:45:87:66:19:bc:93, respectively.

Configure port security to meet the following requirements:

·           Switch A, Server A, and Switch C can access one another.

·           Switch B, Server B, and Switch C cannot access one another.

Figure 33 Network diagram

 

Configuration procedure

1.      Configure Switch C:

# Configure the switch to operate in advanced mode, save the configuration, and reboot the switch. (Skip this step if the switch is operating in advanced mode.)

<SwitchC> system-view

[SwitchC] system-working-mode advance

[SwitchC] save

[SwitchC] quit

<SwitchC> reboot

# Configure the switch to operate in FCF mode.

<SwitchC> system-view

[SwitchC] fcoe-mode fcf

# Create VSAN 2.

[SwitchC] vsan 2

[SwitchC-vsan2] quit

# Create interface VFC 1, and configure VFC 1 to operate in E mode.

[SwitchC] interface vfc 1

[SwitchC-Vfc1] fc mode e

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1, and assign VFC 1 to VSAN 2 as a trunk port.

[SwitchC-Vfc1] bind interface ten-gigabitethernet 1/0/1

[SwitchC-Vfc1] port trunk vsan 2

[SwitchC-Vfc1] quit

# Configure interface Ten-GigabitEthernet 1/0/1 to allow VLAN 2.

[SwitchC] interface ten-gigabitethernet 1/0/1

[SwitchC-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2

[SwitchC-Ten-GigabitEthernet1/0/1] quit

# Create interface VFC 2, and configure VFC 2 to operate in E mode.

[SwitchC] interface vfc 2

[SwitchC-Vfc2] fc mode e

# Bind VFC 2 to interface Ten-GigabitEthernet 1/0/2, and assign VFC 2 to VSAN 2 as a trunk port.

[SwitchC-Vfc2] bind interface ten-gigabitethernet 1/0/2

[SwitchC-Vfc2] port trunk vsan 2

[SwitchC-Vfc2] quit

# Configure interface Ten-GigabitEthernet 1/0/2 to allow VLAN 2.

[SwitchC] interface ten-gigabitethernet 1/0/2

[SwitchC-Ten-GigabitEthernet1/0/2] port link-type trunk

[SwitchC-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2

[SwitchC-Ten-GigabitEthernet1/0/2] quit

# Create interface VFC 3, and configure VFC 3 to operate in F mode.

[SwitchC] interface vfc 3

[SwitchC-Vfc3] fc mode f

# Bind VFC 3 to interface Ten-GigabitEthernet 1/0/3, and assign VFC 3 to VSAN 2 as a trunk port.

[SwitchC-Vfc3] bind interface ten-gigabitethernet 1/0/3

[SwitchC-Vfc3] port trunk vsan 2

[SwitchC-Vfc3] quit

# Configure interface Ten-GigabitEthernet 1/0/3 to allow VLAN 2.

[SwitchC] interface ten-gigabitethernet 1/0/3

[SwitchC-Ten-GigabitEthernet1/0/3] port link-type trunk

[SwitchC-Ten-GigabitEthernet1/0/3] port trunk permit vlan 2

[SwitchC-Ten-GigabitEthernet1/0/3] quit

# Create interface VFC 4, and configure VFC 4 to operate in F mode.

[SwitchC] interface vfc 4

[SwitchC-Vfc4] fc mode f

# Bind VFC 4 to interface Ten-GigabitEthernet 1/0/4, and assign VFC 4 to VSAN 2 as a trunk port.

[SwitchC-Vfc4] bind interface ten-gigabitethernet 1/0/4

[SwitchC-Vfc4] port trunk vsan 2

[SwitchC-Vfc4] quit

# Configure interface Ten-GigabitEthernet 1/0/4 to allow VLAN 2.

[SwitchC] interface ten-gigabitethernet 1/0/4

[SwitchC-Ten-GigabitEthernet1/0/4] port link-type trunk

[SwitchC-Ten-GigabitEthernet1/0/4] port trunk permit vlan 2

[SwitchC-Ten-GigabitEthernet1/0/4] quit

# Enable FCoE for VLAN 2 and map VLAN 2 to VSAN 2.

[SwitchC] vlan 2

[SwitchC-vlan2] fcoe enable vsan 2

[SwitchC-vlan2] quit

# Enable port security and auto learning in VSAN 2.

[SwitchC] vsan 2

[SwitchC-vsan2] fc-port-security enable auto-learn

# Allow Switch A to log in through interfaces VFC 1 and VFC 2 in VSAN 2.

[SwitchC-vsan2] swwn 10:83:45:87:66:19:ea:91 interface vfc 1 to vfc 2

# Allow Server A to log in through interfaces VFC 3 and VFC 4 in VSAN 2.

[SwitchC-vsan2] nwwn 20:36:44:78:66:77:ab:97 interface vfc 3 to vfc 4

[SwitchC-vsan2] quit

2.      Configure Switch A:

# Configure the switch to operate in advanced mode, save the configuration, and reboot the switch. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode advance

[SwitchA] save

[SwitchA] quit

<SwitchA> reboot

# Configure the switch to operate in FCF mode.

<SwitchA> system-view

[SwitchA] fcoe-mode fcf

# Create VSAN 2.

[SwitchA] vsan 2

[SwitchA-vsan2] quit

# Create interface VFC 1, and configure VFC 1 to operate in E mode.

[SwitchA] interface vfc 1

[SwitchA-Vfc1] fc mode e

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1, and assign VFC 1 to VSAN 2 as a trunk port.

[SwitchA-Vfc1] bind interface ten-gigabitethernet 1/0/1

[SwitchA-Vfc1] port trunk vsan 2

[SwitchA-Vfc1] quit

# Configure interface Ten-GigabitEthernet 1/0/1 to allow VLAN 2.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Enable FCoE for VLAN 2 and map VLAN 2 to VSAN 2.

[SwitchC] vlan 2

[SwitchC-vlan2] fcoe enable vsan 2

[SwitchC-vlan2] quit

# Enable port security and auto learning in VSAN 2.

[SwitchA] vsan 2

[SwitchA-vsan2] fc-port-security enable auto-learn

# Allow Switch C to log in through interface VFC 1.

[SwitchA-vsan2] swwn 10:83:45:87:66:19:bc:93 interface vfc 1

3.      Configure Switch B:

# Configure the switch to operate in advanced mode, save the configuration, and reboot the switch. (Skip this step if the switch is operating in advanced mode.)

<SwitchB> system-view

[SwitchB] system-working-mode advance

[SwitchB] save

[SwitchB] quit

<SwitchB> reboot

# Configure the switch to operate in FCF mode.

<SwitchB> system-view

[SwitchB] fcoe-mode fcf

# Create VSAN 2.

[SwitchB] vsan 2

[SwitchB-vsan2] quit

# Create interface VFC 1, and configure VFC 1 to operate in E mode.

[SwitchB] interface vfc 1

[SwitchB-Vfc1] fc mode e

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1, and assign VFC 1 to VSAN 2 as a trunk port.

[SwitchB-Vfc1] bind interface ten-gigabitethernet 1/0/1

[SwitchB-Vfc1] port trunk vsan 2

[SwitchB-Vfc1] quit

# Configure interface Ten-GigabitEthernet 1/0/1 to allow VLAN 2.

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2

[SwitchB-Ten-GigabitEthernet1/0/1] quit

# Enable FCoE for VLAN 2 and map VLAN 2 to VSAN 2.

[SwitchB] vlan 2

[SwitchB-vlan2] fcoe enable vsan 2

[SwitchB-vlan2] quit

# Enable port security and auto learning in VSAN 2.

[SwitchB] vsan 2

[SwitchB-vsan2] fc-port-security enable auto-learn

# Configure interface VFC 1 to deny Switch C in VSAN 2 (Configure interface VFC 1 to allow any sWWN other than the WWN of Switch C).

[SwitchB-vsan2] swwn 10:83:45:87:66:19:ea:91 interface vfc 1

Verifying the configuration

# Display security violation entries in VSAN 2 on Switch C.

[SwitchC] display fc-port-security violation vsan 2

Total entries: 2

Violations for VSAN 2:

  Interface   Logging-in entity               Last time             Repeat count

  Vfc2        10:83:45:87:66:19:bc:92(sWWN)   2013/12/10 13:20:20   1

  Vfc4        20:33:44:78:66:77:ab:96(pWWN)   2013/10/10 12:55:10   1

              10:33:44:78:66:77:ab:96(nWWN)

The output shows that Switch C denied Server B and Switch B. If Switch C initiates a login request to Switch B, the violation entry for Switch B does not appear in this output. Instead, a violation entry for Switch C appears in the output from this command on Switch B.

 


Configuring FCS

Overview

The Fabric Configuration Server (FCS) feature discovers topology information of a fabric, including switches in the fabric and ports on each switch. A management application (for example, SNMP software) determines the physical and logical topologies of the fabric based on the FCS topology information. It also manages the switches in the fabric.

The FCS describes the topology of a fabric by using the following objects:

·           Interconnect element (IE) object—Each switch in a fabric is an IE object. One or more IE objects are interconnected to form a fabric. An IE object has a set of attributes, as shown in Table 6.

·           Port object—Each VFC interface on an IE object is a port object. An IE object has one or more port objects. A port object has a set of attributes, as shown in Table 7.

Table 6 IE attributes

Attribute

Description

IE WWN

WWN of the IE.

IE type

The IE type can only be Switch.

Domain ID

Domain ID of the IE.

Fabric name

Name of the fabric where the IE resides.

Logical name

Device name of the IE, which can be configured by using the sysname command.

Management address list

Management protocol supported by the IE and management address.

Only SNMP is supported. The management address is in the form of a URL. For example, snmp://192.168.6.100 indicates that the management protocol is SNMP and the management address is 192.168.6.100.

An IE can have one or more management addresses.

Information list

Includes vendor name, product name/number, release code, and other vendor-specific information.

 

Table 7 Port attributes

Attribute

Description

Port WWN

WWN of the port.

Port type

Port mode: E_Port or F_Port.

Tx type

Transmitter type of the port:

·          10GBASE-CX4.

·          10GBASE-ER 1550nm laser.

·          10GBASE-EW 1550nm laser.

·          10GBASE-LR 1310nm laser.

·          10GBASE-LW 1310nm laser.

·          10GBASE-LX4 WWDM 1300nm laser.

·          10GBASE-SR 850nm laser.

·          10GBASE-SW 850nm laser.

·          Electrical-EL.

·          Long wave laser cost reduced-LC(1310nm).

·          Long wave laser-LL(1550nm).

·          Short wave laser-SN(850nm).

Module type

Transceiver module type of the port:

·          GBIC with serial ID.

·          GBIC without serial ID.

·          GLM.

·          QSFP.

·          SFP-DWDM.

·          SFP with serial ID.

·          SFP without serial ID.

·          X2-DWDM.

·          X2 Medium.

·          X2 short.

·          X2 Tall.

·          XENPAK.

·          XFP.

·          XPAX Medium.

·          XPAX short.

·          XPAX Tall.

Port number

Port index.

Attached port WWNs

WWNs of connected ports.

If the nodes are registered through an NPV switch, multiple connected ports might exist.

Port state

Current port status:

·          Online—The port link is connected.

·          Offline—The port link is not connected.

Port speed capability

The supported speed can be one or any combination of the following options:

·          1 Gbps.

·          2 Gbps.

·          4 Gbps.

·          8 Gbps.

·          10 Gbps.

·          16 Gbps.

·          20 Gbps.

Port speed operation

The current speed can only be one of the following options:

·          1 Gbps.

·          2 Gbps.

·          4 Gbps.

·          8 Gbps.

·          10 Gbps.

·          16 Gbps.

·          20 Gbps.

Port zoning enforcement status

Zoning type supported by the port: soft zoning or hard zoning.

 

Starting a topology discovery

You can start a topology discovery on any switch in a fabric. The topology discovery process is as follows:

1.      Each switch in a fabric maintains a list of all IE objects in the fabric. When no topology discovery is in progress in a VSAN, the switch displays the topology discovery status as localOnly in the VSAN. The switch stores all IE attributes and port attributes of its own and stores only IE WWN, IE type, and domain ID attributes of other switches.

2.      When a topology discovery is started, the switch changes the topology discovery status to inProgress in the VSAN. The switch obtains the latest IE attributes and port attributes of all other switches in the fabric and updates them to the local FCS database.

3.      When the topology discovery is complete, the switch changes the topology discovery status to completed in the VSAN. The switch starts an aging timer to specify the amount of time for the topology discovery information to be retained.

4.      When the aging timer expires, the switch performs the following operations:

?  Deletes all topology discovery information except its own information.

?  Changes the topology discovery status to localOnly in the VSAN.

The fabric topology might change. During a topology discovery process, the switch does not obtain the following attributes:

·           IE attributes and port attributes of an IE that joins the fabric after the switch starts obtaining these attributes of other IEs.

·           IE attributes and port attributes of an IE that change after the switch finishes obtaining all IE attributes and port attributes of that IE.

The switch processes local topology changes in real time, regardless of topology discovery.

To start a topology discovery:

 

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Start a topology discovery in specified VSANs.

fcs discovery start [ age interval ] vsan vsan-list

You can start a second topology discovery for the same VSAN only after the first topology discovery is complete. Otherwise, the system displays the message "FCS discovery is being performed".

 

Stopping a topology discovery

Step

Command

Remarks

1.      Enter system view.

system-view

N/A

2.      Stop a topology discovery in specified VSANs.

fcs discovery stop vsan vsan-list

After you execute this command, the system performs the following operations:

·          Stops the topology discovery in progress.

·          Deletes the topology information obtained from non-local switches.

·          Changes the topology discovery status back to localOnly.

 

Displaying and maintaining FCS

Execute display commands in any view.

 

Task

Command

Display the topology discovery status.

display fcs discovery status [ vsan vsan-id ]

Display the FCS database information.

display fcs database [ vsan vsan-id ]

Display IE information.

display fcs ie [ vsan vsan-id ] [ nwwn wwn ] [ verbose ]

Display port information.

display fcs port [ vsan vsan-id ] [ pwwn wwn ] [ verbose ]

 

FCS configuration example

Network requirements

As shown in Figure 34, start a topology discovery to obtain topology information in the fabric for the management application.

Figure 34 Network diagram

 

Configuration procedure

This section describes only FCS configurations.

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchA] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchA] quit

# Reboot the switch.

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchA> system-view

[SwitchA] fcoe-mode fcf

# Start a topology discovery in VSAN 1 on Switch A.

[SwitchA] fcs discovery start vsan 1

Verifying the configuration

# Display the FCS database in VSAN 1 on Switch A.

[SwitchA] display fcs database vsan 1

FCS Local Database in VSAN 1:

  IE WWN                   : 10:00:00:11:22:00:01:01

  Domain ID                : 0x01

  Management address list  : snmp://192.168.0.1

  Fabric name              : 10:00:00:11:22:00:01:01

  Logical name             : SwitchA

  Information list         : H3C#H3C S6300-48S#Version 7.1.045, Release 2432P03

  IE_Ports:

    Interface   Port WWN                  Port type   Attached port WWNs

    Vfc1        e1:01:00:11:22:00:01:01   E_Port      e2:01:00:11:22:00:01:01

    Vfc2        e1:01:00:11:22:00:01:02   E_Port      e3:01:00:11:22:00:01:01

 

  IE WWN                   : 10:00:00:11:22:00:01:02

  Domain ID                : 0x02

  Management address list  : snmp://192.168.0.2

  Fabric name              : 10:00:00:11:22:00:01:01

  Logical name             : SwitchB

  Information list         : H3C#H3C S6300-48S#Version 7.1.045, Release 2432P03

  IE_Ports:

    Interface   Port WWN                  Port type   Attached port WWNs

    -           e2:01:00:11:22:00:01:01   E_Port      e1:01:00:11:22:00:01:01

    -           e2:01:00:11:22:00:01:02   E_Port      e3:01:00:11:22:00:01:02

    -           e2:01:00:11:22:00:01:03   E_Port      e4:01:00:11:22:00:01:01

   

  IE WWN                   : 10:00:00:11:22:00:01:03

  Domain ID                : 0x03

  Management address list  : snmp://192.168.0.3

  Fabric name              : 10:00:00:11:22:00:01:01

  Logical name             : SwitchC

  Information list         : H3C#H3C S6300-48S#Version 7.1.045, Release 2432P03

  IE_Ports:

    Interface   Port WWN                  Port type   Attached port WWNs

    -           e3:01:00:11:22:00:01:01   E_Port      e1:01:00:11:22:00:01:02

    -           e3:01:00:11:22:00:01:02   E_Port      e2:01:00:11:22:00:01:02

    -           e3:01:00:11:22:00:01:03   F_Port      48:33:43:2d:46:43:1A:1A

   

  IE WWN                   : 10:00:00:11:22:00:01:04

  Domain ID                : 0x04

  Management address list  : snmp://192.168.0.4

  Fabric name              : 10:00:00:11:22:00:01:01

  Logical name             : SwitchD

  Information list         : H3C#H3C S6300-48S#Version 7.1.045, Release 2432P03

  IE_Ports:

    Interface   Port WWN                  Port type   Attached port WWNs

    -           e4:01:00:11:22:00:01:01   E_Port      e2:01:00:11:22:00:01:03

    -           e4:01:00:11:22:00:01:02   F_Port      48:33:43:2d:46:43:1B:1B

# Display brief information about IEs in VSAN 1 on Switch A.

[SwitchA] display fcs ie vsan 1

IE List for VSAN 1:

  IE WWN                  Domain ID  Mgmt addr list           Logical name

  10:00:00:11:22:00:01:01 0x01       snmp://192.168.0.1       SwitchA

  10:00:00:11:22:00:01:02 0x02       snmp://192.168.0.2       SwitchB

  10:00:00:11:22:00:01:03 0x03       snmp://192.168.0.3       SwitchC

  10:00:00:11:22:00:01:04 0x04       snmp://192.168.0.4       SwitchD

 

Total 4 IEs in Fabric.

# Display brief information about ports in VSAN 1 on Switch A.

[SwitchA] display fcs port vsan 1

Port List for VSAN 1:

  IE WWN: 10:00:00:11:22:00:01:01

    Port WWN                Port type Tx type              Module type

    e1:01:00:11:22:00:01:01 E_Port    10GBASE-CX4          SFP with serial ID

    e1:01:00:11:22:00:01:02 E_Port    10GBASE-CX4          SFP with serial ID

 

  Total 2 switch-ports in IE.

 

  IE WWN: 10:00:00:11:22:00:01:02

    Port WWN                Port type Tx type              Module type

    e2:01:00:11:22:00:01:01 E_Port    10GBASE-CX4          SFP with serial ID

    e2:01:00:11:22:00:01:02 E_Port    10GBASE-CX4          SFP with serial ID

    e2:01:00:11:22:00:01:03 E_Port    10GBASE-CX4          SFP with serial ID

 

  Total 3 switch-ports in IE.

 

  IE WWN: 10:00:00:11:22:00:01:03

    Port WWN                Port type Tx type              Module type

    e3:01:00:11:22:00:01:01 E_Port    10GBASE-CX4          SFP with serial ID

    e3:01:00:11:22:00:01:02 E_Port    10GBASE-CX4          SFP with serial ID

    e3:01:00:11:22:00:01:03 F_Port    10GBASE-CX4          SFP with serial ID

 

  Total 3 switch-ports in IE.

 

  IE WWN: 10:00:00:11:22:00:01:04

    Port WWN                Port type Tx type              Module type

    e4:01:00:11:22:00:01:01 E_Port    10GBASE-CX4          SFP with serial ID

    e4:01:00:11:22:00:01:02 F_Port    10GBASE-CX4          SFP with serial ID

 

  Total 2 switch-ports in IE.

 


Configuring FDMI

Overview

The Fabric Device Management Interface (FDMI) feature allows you to view information about host bus adapters (HBAs) on all registered nodes in a fabric. The HBA information includes HBAs and ports on each HBA.

Each switch obtains the HBA information of its directly connected and registered nodes and sends the information to other switches in the fabric. As a result, each switch has HBA information for all the nodes registered with the fabric.

An HBA is an FC storage network card. Each HBA appears as an HBA object to the switch. An HBA object has a set of attributes, as shown in Table 8.

Each physical FC interface on an HBA object is a port object. An HBA object can have a maximum of 256 port objects. A port object has a set of attributes, as shown in Table 9.

When Register Port (RPRT) or Register Port Attributes (RPA) packets from a port object include Smart SAN attributes, the following rules apply to displaying FDMI database information:

·           If the switch is enabled with Smart SAN, Smart SAN attributes are displayed for the port object.

·           If the switch is not enabled with Smart SAN, no information is displayed.

When RPRT or RPA packets from a port object do not include Smart SAN attributes, Smart SAN attributes are not displayed, regardless of whether the switch is enabled with Smart SAN.

The following are Smart SAN attributes:

·           Smart SAN Service Category.

·           Smart SAN globally unique identifier (GUID).

·           Smart SAN Version.

·           Smart SAN Product Name (Model).

·           Smart SAN Port Info.

·           Smart SAN QoS Support.

·           Smart SAN Security Support.

·           Smart SAN Connected Ports.

Table 8 HBA object attributes

Attribute

Description

HBA ID

An HBA ID identifies an HBA.

If an HBA has only one physical interface, the WWN of the physical interface is used as the HBA ID. If the HBA has more than one physical interface, the WWN of one of the physical interfaces is selected as the HBA ID.

Manufacturer

Manufacturer of the HBA.

Serial Number

Serial number of the HBA.

Model

Model of the HBA.

Model Description

Model description for the HBA.

Node Name

WWN of the node where the HBA resides.

Node Symbolic Name

Symbolic name of the node where the HBA resides.

Hardware Version

Hardware version of the HBA.

Driver Version

Driver version of the HBA.

Option ROM Version

ROM version of the HBA.

Firmware Version

Firmware version of the HBA.

OS Name and Version

Operating system name and version number of the HBA.

Maximum CT Payload

Maximum length of CT payload allowed by the HBA.

The CT payload includes the basic header and extended header of CT packets, but not the FC header.

Vendor Identifier

T10 code of the manufacturer or OEM for the HBA.

Vendor Specific Information

Vendor-defined information, which is hexadecimal.

Number of Ports

Number of ports on the HBA.

Fabric Name

Name of the fabric where the HBA resides.

Boot BIOS Version

Boot BIOS version of the HBA.

Boot BIOS State

Boot BIOS state for the HBA: Enabled or Disabled.

 

Table 9 Port object attributes

Field

Description

Port Name

WWN of the port.

Port Symbolic Name

Symbolic name of the port.

Port Identifier

FC ID of the port.

Port Type

Port type.

Supported Class of Service

Class of service supported by the port: Class 2 or Class 3.

Supported FC-4 Types

FC-4 types supported by the port:

·          FCP.

·          GS3.

·          IP.

·          LLC/SNAP.

·          NPV.

·          SNMP.

·          SW-ILS.

·          VI.

Port Active FC-4 Types

FC-4 types active on the port, which can be one or more of the following options:

·          FCP.

·          GS3.

·          IP.

·          LLC/SNAP.

·          NPV.

·          SNMP.

·          SW-ILS.

·          VI.

Supported Speed

Speeds supported by the port:

·          1 Gbps.

·          2 Gbps.

·          4 Gbps.

·          8 Gbps.

·          10 Gbps.

·          16 Gbps.

·          20 Gbps.

·          32 Gbps.

·          40 Gbps.

This field displays Unknown for speeds other than the preceding ones. This field displays Speed not obtained when the supported speeds cannot be determined.

Current Speed

The current speed can only be one of the following options:

·          1 Gbps.

·          2 Gbps.

·          4 Gbps.

·          8 Gbps.

·          10 Gbps.

·          16 Gbps.

·          20 Gbps.

·          32 Gbps.

·          40 Gbps.

This field displays Unknown for speeds other than the preceding ones. This field displays Speed not obtained when the current speed cannot be determined.

OS Device Name

Operating system name for the port.

Maximum Frame Size

Maximum frame size supported by the port.

Host Name

Name of the node where the port resides.

Node Name

WWN of the node where the port resides.

Port Fabric Name

Name of the fabric where the port resides.

Port State

Current state of the port.

Number of Discovered Ports

Number of ports discovered by the port.

Smart SAN Service Category

Smart SAN service category: Smart SAN Initiator or Smart SAN Target.

Smart SAN GUID

Smart SAN GUID.

Smart SAN Version

Smart SAN version.

Smart SAN Product Name (Model)

Smart SAN product name (model).

Smart SAN Port Info

Port information:

·          0x01 (Physical)—The port is a physical port.

·          0x02 (NPIV)—The port supports NPIV.

·          0x03 (SRIOV)—The port supports SRIOV.

Smart SAN QoS Support

QoS support of the port: 0x00 (Not supported) and 0x01 (Supported).

Smart SAN Security Support

Security types supported by the port:

·          0x00 (Not Supported).

·          0x01 (Tier-1).

·          0x02 (Tier-2).

·          0x03 (Tier-3).

Smart SAN Connected Ports

This field displays ports on remote nodes discovered by the port.

 

Displaying and maintaining FDMI

Execute display commands in any view.

 

Task

Command

Display the FDMI database information.

display fdmi database [ vsan vsan-id ] [ hba-id hba-id ] [ verbose ]

 

 


Configuring FC ping

Overview

In an FC SAN, use the fcping command to identify whether a destination address is reachable and to test network connectivity.

In an FC ping operation, the source device sends echo requests to the destination device. It determines whether the destination is reachable based on whether it receives echo replies. If the destination is reachable, the source device can perform the following operations:

·           Determine the link quality based on the number of echo requests sent and the number of replies received.

·           Determine the distance between the source and destination based on the round-trip time of FC ping packets.

A switch supports the following FC ping destinations:

·           N_PortUse the fcping command on the switch to ping an N_Port at the remote end. The destination address of the FC ping operation is the FC address of the N_Port.

·           Switch—The destination address is the destination switch's domain controller address FFFCxx (xx is the domain ID of the destination switch).

Configuration procedure

Task

Command

Remarks

Identify whether a destination address is reachable.

fcping [ -c count | -t timeout ] * fcid fcid vsan vsan-id

Available in any view.

To abort the FC ping operation during the execution of this command, press Ctrl+C.

 

FC ping configuration examples

Network requirements

As shown in Figure 35, identify whether Switch A and Switch B can reach each other.

Figure 35 Network diagram

 

Configuration procedure

1.      Configure Switch A:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchA] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchA] quit

# Reboot the switch.

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchA> system-view

[SwitchA] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 1.

[SwitchA] vsan 1

[SwitchA-vsan1] domain configure enable

# Set the domain ID to 1 in VSAN 1.

[SwitchA-vsan1] domain-id 1 static

[SwitchA-vsan1] quit

# Create interface VFC 1.

[SwitchA] interface vfc 1

# Set the mode of VFC 1 to E.

[SwitchA-Vfc1] fc mode e

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchA-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 1 as a trunk port.

[SwitchA-Vfc1] port trunk vsan 1

[SwitchA-Vfc1] quit

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 10.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 1.

[SwitchA] vlan 10

[SwitchA-vlan10] fcoe enable vsan 1

[SwitchA-vlan10] quit

# Configure a static route in VSAN 1.

[SwitchA] vsan 1

[SwitchA-vsan1] fc route-static 020000 8 vfc 1

[SwitchA-vsan1] quit

2.      Configure Switch B:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchB> system-view

[SwitchB] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchB] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchB] quit

# Reboot the switch.

<SwitchB> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchB> system-view

[SwitchB] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 1.

[SwitchB] vsan 1

[SwitchB-vsan1] domain configure enable

# Set the domain ID to 2 in VSAN 1.

[SwitchB-vsan1] domain-id 2 static

[SwitchB-vsan1] quit

# Create interface VFC 1.

[SwitchB] interface vfc 1

# Set the mode of VFC 1 to E.

[SwitchB-Vfc1] fc mode e

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchB-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 1.

[SwitchB-Vfc1] port trunk vsan 1

[SwitchB-Vfc1] quit

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 10.

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10

[SwitchB-Ten-GigabitEthernet1/0/1] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 1.

[SwitchB] vlan 10

[SwitchB-vlan10] fcoe enable vsan 1

[SwitchB-vlan10] quit

# Configure a static route in VSAN 1.

[SwitchB] vsan 1

[SwitchB-vsan1] fc route-static 010000 8 vfc 1

[SwitchB-vsan1] quit

Verifying the configuration

# FCping a switch from another switch, for example, FCping Switch B from Switch A.

[SwitchA] fcping fcid fffc02 vsan 1

FCPING fcid 0xfffc02: 128 data bytes, press CTRL_C to break.

Reply from 0xfffc02: bytes = 128 time = 23 ms

Reply from 0xfffc02: bytes = 128 time = 9 ms

Reply from 0xfffc02: bytes = 128 time = 19 ms

Reply from 0xfffc02: bytes = 128 time = 14 ms

Reply from 0xfffc02: bytes = 128 time = 25 ms

 

--- 0xfffc02 fcping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 9/18/25 ms

 


Configuring FC tracert

Overview

In an FC SAN, use the fctracert command to obtain bidirectional routing information between source and destination, and check the network connectivity.

You can use this feature to identify failed nodes and test network connectivity.

FC tracert includes the following processes:

·           Uplink process—Beginning from the source, each switch along the path sends the Switch Trace Route (STR) packet to its next hop until the STR packet reaches the destination switch. (If the destination of FC tracert is a node, the destination switch refers to the FCF switch directly connected to the node.) Each switch adds its uplink path information (including its WWN and domain ID) to the STR packet. After the STR packet reaches the destination switch, the downlink process starts.

·           Downlink process—Beginning from the destination switch, each switch along the path switch sends the STR packet to its next hop until the STR packet reaches the source switch. Each switch adds its downlink path information (with the same content as the uplink path information) to the STR packet. When the source switch receives the STR packet, the FC tracert process ends. The source outputs information (in the STR packet) about all uplink and downlink switches along the path.

If an FCF switch fails to forward the STR packet, the switch performs the following operations:

·           Sets an error reason in the packet.

·           Sends the packet (containing information about switches the packet has passed through) directly to the source switch.

Figure 36 shows the FC tracert process.

Figure 36 FC tracert flowchart

 

The following describes the process of an FC tracert operation from Switch A to Switch C.

1.      Uplink process:

a.    Switch A adds its uplink path information (including its WWN and domain ID) to the STR request packet and sends the packet to the next hop, Switch B.

b.    After receiving the packet, Switch B replies with an STR ACC packet to Switch A.

c.    Switch B adds its uplink path information to the received STR packet and sends it to the destination switch, Switch C.

d.    After receiving the packet, Switch C replies with an STR ACC packet to Switch B.

e.    Switch C adds its uplink path information to the received packet. The collection of uplink path information is complete.

2.      Downlink process:

a.    Switch C sends the STR request packet to Switch A hop by hop in the same way as in the uplink process.

b.    After receiving the STR request packet with a downlink flag, Switch A outputs information about all uplink and downlink switches.

Configuration procedure

Task

Command

Remarks

Detect bidirectional routing information between source and destination.

fctracert [ -t timeout ] fcid fcid vsan vsan-id

Available in any view.

To abort the FC tracert operation during the execution of this command, press Ctrl+C.

 

FC tracert configuration examples

Network requirements

As shown in Figure 37, detect bidirectional routing information between Switch A and Switch C, and identify the faulty node (if any).

Figure 37 Network diagram

 

Configuration procedure

1.      Configure Switch A:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchA] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchA] quit

# Reboot the switch.

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchA> system-view

[SwitchA] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 1.

[SwitchA] vsan 1

[SwitchA-vsan1] domain configure enable

# Set the domain ID to 1 in VSAN 1.

[SwitchA-vsan1] domain-id 1 static

# Disable FSPF in VSAN 1.

[SwitchA-vsan1] undo fspf enable

# Configure static routes in VSAN 1.

[SwitchA-vsan1] fc route-static 020000 8 vfc 1

[SwitchA-vsan1] fc route-static 030000 8 vfc 1

[SwitchA-vsan1] quit

# Create interface VFC 1.

[SwitchA] interface vfc 1

# Set the mode of VFC 1 to E.

[SwitchA-Vfc1] fc mode e

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchA-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 1 as a trunk port.

[SwitchA-Vfc1] port trunk vsan 1

[SwitchA-Vfc1] quit

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 10.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 1.

[SwitchA] vlan 10

[SwitchA-vlan10] fcoe enable vsan 1

[SwitchA-vlan10] quit

2.      Configure Switch B:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchB> system-view

[SwitchB] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchB] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchB] quit

# Reboot the switch.

<SwitchB> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchB> system-view

[SwitchB] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 1.

[SwitchB] vsan 1

[SwitchB-vsan1] domain configure enable

# Set the domain ID to 2 in VSAN 1.

[SwitchB-vsan1] domain-id 2 static

# Disable FSPF in VSAN 1.

[SwitchB-vsan1] undo fspf enable

# Configure a static route.

[SwitchB-vsan1] fc route-static 010000 8 vfc 1

[SwitchB-vsan1] quit

# Create interface VFC 1.

[SwitchB] interface vfc 1

# Set the mode of VFC 1 to E.

[SwitchB-Vfc1] fc mode e

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchB-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 1 as a trunk port.

[SwitchB-Vfc1] port trunk vsan 1

[SwitchB-Vfc1] quit

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 10.

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10

[SwitchB-Ten-GigabitEthernet1/0/1] quit

# Create interface VFC 2.

[SwitchB] interface vfc 2

# Set the mode of VFC 2 to E.

[SwitchB-Vfc2] fc mode e

# Bind VFC 2 to interface Ten-GigabitEthernet 1/0/2.

[SwitchB-Vfc2] bind interface ten-gigabitethernet 1/0/2

# Assign VFC 2 to VSAN 1 as a trunk port.

[SwitchB-Vfc2] port trunk vsan 1

[SwitchB-Vfc2] quit

# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 10.

[SwitchB] interface ten-gigabitethernet 1/0/2

[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 10

[SwitchB-Ten-GigabitEthernet1/0/2] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 1.

[SwitchB] vlan 10

[SwitchB-vlan10] fcoe enable vsan 1

[SwitchB-vlan10] quit

3.      Configure Switch C:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchC> system-view

[SwitchC] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the

 system to make it effective.

# Save the configuration.

[SwitchC] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchC] quit

# Reboot the switch.

<SwitchC> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Configure the switch to operate in FCF mode.

<SwitchC> system-view

[SwitchC] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 1.

[SwitchC] vsan 1

[SwitchC-vsan1] domain configure enable

# Set the domain ID to 3 in VSAN 1.

[SwitchC-vsan1] domain-id 3 static

# Disable FSPF in VSAN 1.

[SwitchC-vsan1] undo fspf enable

[SwitchC-vsan1] quit

# Create interface VFC 2.

[SwitchC] interface vfc 2

# Set the mode of VFC 2 to E.

[SwitchC-Vfc2] fc mode e

# Bind VFC 2 to interface Ten-GigabitEthernet 1/0/2.

[SwitchC-Vfc2] bind interface ten-gigabitethernet 1/0/2

# Assign VFC 2 to VSAN 1 as a trunk port.

[SwitchC-Vfc2] port trunk vsan 1

[SwitchC-Vfc2] quit

# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 10.

[SwitchC] interface ten-gigabitethernet 1/0/2

[SwitchC-Ten-GigabitEthernet1/0/2] port link-type trunk

[SwitchC-Ten-GigabitEthernet1/0/2] port trunk permit vlan 10

[SwitchC-Ten-GigabitEthernet1/0/2] quit

# Enable FCoE in VLAN 10 and map VLAN 10 to VSAN 1.

[SwitchC] vlan 10

[SwitchC-vlan10] fcoe enable vsan 1

[SwitchC-vlan10] quit

4.      FCping Switch C from Switch A.

[SwitchA] fcping fcid fffc03 vsan 1

FCPING fcid 0xfffc03: 128 data bytes, press CTRL_C to break.

Request time out

Request time out

Request time out

Request time out

Request time out

 

--- 0xfffc03 fcping statistics ---

5 packet(s) transmitted

0 packet(s) received

100.00% packet loss

The output shows that Switch A cannot reach Switch C.

5.      Use the fctracert command to identify the faulty node.

[SwitchA] fctracert fcid fffc03 vsan 1

Route present for: 0xfffc03, press CTRL_C to break

20:00:00:0b:46:00:02:82(0xfffc01)

20:00:00:05:30:00:18:db(0xfffc02)

Fctracert uncompleted: no route to destination port.

The output shows that:

?  Switch A can reach Switch B.

?  Switch B cannot reach Switch C.

Verifying the configuration

# Use the display fc routing-table command on Switch B to verify that there is not a route to Switch C. (Details not shown.)

 


Comprehensive FCoE configuration examples

FCoE configuration example (in standalone mode)

Network requirements

As shown in Figure 38:

·           Switch A and Switch B are connected to an Ethernet switch, and operate at the access layer of the LAN.

·           Switch A and Switch B are connected to Switch C and Switch D, respectively.

·           The four switches operate as the FCF switches of the SANs.

Configure FCoE to meet the following requirements:

·           The transmission network formed by Switch A, Switch B, and the Ethernet switch can use the server to provide services for the LAN. The transmission network formed by switches A through D can enable the server to access the disk device.

·           Link backup is used to implement high availability for the packets to and from the server and disk device.

·           The bandwidth is increased for the link between Switch A and Switch C and the link between Switch B and Switch D, and link backup and load sharing are implemented.

Figure 38 Network diagram

 

Requirements analysis

To meet the network requirements, perform the following tasks:

·           As a best practice to transmit the storage traffic over lossless Ethernet links in the SANs, perform the following tasks:

?  Configure DCBX, PFC in auto mode, and ETS on the Ethernet interfaces connecting the switches to the server.

?  Configure DCBX and PFC in auto mode on the Ethernet interfaces connecting the switches to the disk device.

?  Enable PFC by force on the Ethernet interfaces connecting switches.

·           To implement link backup between the server and the disk device, use two separate SANs to provide connections between the server and the disk device. The two SANs can use the same VSAN. The two separate VSANs are as follows:

?  One physical SAN is formed by the server, Switch A, Switch C, and the disk device.

?  The other physical SAN is formed by the server, Switch B, Switch D, and the disk device.

·           To transmit the Ethernet traffic of the LAN in VLAN 1001, configure the following interfaces to allow VLAN 1001:

?  The Ethernet interfaces connecting Switch A and Switch B to the LAN.

?  The Ethernet interfaces connecting Switch A and Switch B to the server.

·           To transmit the storage traffic of the SANs in VSAN 100, configure the interfaces connecting the four FCF switches to the SANs to allow VSAN 100. To transmit the storage traffic of VSAN 100 within VLAN 4001, map VLAN 4001 to VSAN 100.

·           To avoid physical loops in the LAN, enable STP on the Ethernet interfaces connecting Switch A and Switch B to the LAN and the server. To prevent STP from blocking the interfaces that are responsible for forwarding storage traffic on Switch A and Switch B, disable STP on the interfaces connecting the four FCF switches.

·           The SANs are complex. As a best practice, use the dynamic mode to build the fabric and use FSPF for FC routing.

·           To make the server be able to access the resources in the disk device, configure the members in the default zone to access each other.

·           To increase the bandwidth for the link between Switch A and Switch C and implement link backup and load sharing, configure Ethernet link aggregation group 1.

·           To increase the bandwidth for the link between Switch B and Switch D and implement link backup and load sharing, configure Ethernet link aggregation group 2.

Configuration procedures

Configuring Switch A

1.      Enable the advanced mode:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the system to make it effective.

# Save the configuration.

[SwitchA] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchA] quit

# Reboot the switch.

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

2.      Configure VLANs and interfaces:

# Create VLAN 1001 and VLAN 4001, which are intended to transmit Ethernet traffic and storage traffic, respectively.

<SwitchA> system-view

[SwitchA] vlan 1001

[SwitchA-vlan1001] description ToLAN

[SwitchA-vlan1001] quit

[SwitchA] vlan 4001

[SwitchA-vlan4001] description ToSAN

[SwitchA-vlan4001] quit

# Enable STP globally.

[SwitchA] stp global enable

# Configure interface Ten-GigabitEthernet 1/0/1 as a hybrid port.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type hybrid

# Assign Ten-GigabitEthernet 1/0/1 to VLAN 1001 as an untagged member.

[SwitchA-Ten-GigabitEthernet1/0/1] port hybrid vlan 1001 untagged

# Assign Ten-GigabitEthernet 1/0/1 to VLAN 4001 as a tagged member.

SwitchA-Ten-GigabitEthernet1/0/1] port hybrid vlan 4001 tagged

# Set the PVID to VLAN 1001 for the interface.

[SwitchA-Ten-GigabitEthernet1/0/1] port hybrid pvid vlan 1001

# Enable STP on Ten-GigabitEthernet 1/0/1.

[SwitchA-Ten-GigabitEthernet1/0/1] stp enable

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Configure interface Ten-GigabitEthernet 1/0/10 as a trunk port, and assign the interface to VLAN 1001.

[SwitchA] interface ten-gigabitethernet 1/0/10

[SwitchA-Ten-GigabitEthernet1/0/10] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/10] port trunk permit vlan 1001

# Enable STP on Ten-GigabitEthernet 1/0/10.

[SwitchA-Ten-GigabitEthernet1/0/10] stp enable

[SwitchA-Ten-GigabitEthernet1/0/10] quit

# Create Layer 2 aggregate interface 1, and configure it to operate in dynamic aggregation mode.

[SwitchA] interface bridge-aggregation 1

[SwitchA-Bridge-Aggregation1] link-aggregation mode dynamic

# Disable STP on Layer 2 aggregate interface 1.

[SwitchA-Bridge-Aggregation1] undo stp enable

[SwitchA-Bridge-Aggregation1] quit

# Assign ports Ten-GigabitEthernet 1/0/5 through Ten-GigabitEthernet 1/0/8 to Layer 2 aggregation group 1.

[SwitchA] interface ten-gigabitethernet 1/0/5

[SwitchA-Ten-GigabitEthernet1/0/5] port link-aggregation group 1

[SwitchA-Ten-GigabitEthernet1/0/5] quit

[SwitchA] interface ten-gigabitethernet 1/0/6

[SwitchA-Ten-GigabitEthernet1/0/6] port link-aggregation group 1

[SwitchA-Ten-GigabitEthernet1/0/6] quit

[SwitchA] interface ten-gigabitethernet 1/0/7

[SwitchA-Ten-GigabitEthernet1/0/7] port link-aggregation group 1

[SwitchA-Ten-GigabitEthernet1/0/7] quit

[SwitchA] interface ten-gigabitethernet 1/0/8

[SwitchA-Ten-GigabitEthernet1/0/8] port link-aggregation group 1

[SwitchA-Ten-GigabitEthernet1/0/8] quit

# Configure Layer 2 aggregate interface 1 as a trunk port, and assign the aggregate interface to VLAN 4001.

[SwitchA] interface bridge-aggregation 1

[SwitchA-Bridge-Aggregation1] port link-type trunk

[SwitchA-Bridge-Aggregation1] port trunk permit vlan 4001

[SwitchA-Bridge-Aggregation1] quit

3.      Configure DCBX:

# Enable LLDP globally.

[SwitchA] lldp global enable

# Create Ethernet frame header ACL 4000.

[SwitchA] acl number 4000 name DCBX

# Configure the ACL to permit FCoE frames (protocol number is 0x8906) to pass through.

[SwitchA-acl-ethernetframe-4000] rule 0 permit type 8906 ffff

# Configure the ACL to permit FIP protocol packets (protocol number is 0x8914) to pass through.

[SwitchA-acl-ethernetframe-4000] rule 5 permit type 8914 ffff

[SwitchA-acl-ethernetframe-4000] quit

# Create a class named DCBX, with the operator of the class as OR.

[SwitchA] traffic classifier DCBX operator or

# Use ACL 4000 as the match criterion of the class.

[SwitchA-classifier-DCBX] if-match acl 4000

[SwitchA-classifier-DCBX] quit

# Create a behavior named DCBX,

[SwitchA] traffic behavior DCBX

# Configure the behavior to mark packets with 802.1p priority value 3.

[SwitchA-behavior-DCBX] remark dot1p 3

[SwitchA-behavior-DCBX] quit

# Create a QoS policy named DCBX.

[SwitchA] qos policy DCBX

# Associate class DCBX with traffic behavior DCBX in the QoS policy, and specify that the association apply to DCBX.

[SwitchA-qospolicy-DCBX] classifier DCBX behavior DCBX mode dcbx

[SwitchA-qospolicy-DCBX] quit

# Enable LLDP and DCBX TLV advertising on interface Ten-GigabitEthernet 1/0/1.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] lldp enable

[SwitchA-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv dcbx

# Apply QoS policy DCBX to the outgoing traffic of Ten-GigabitEthernet 1/0/1.

[SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy DCBX outbound

4.      Configure PFC:

# Enable PFC in auto mode on interface Ten-GigabitEthernet 1/0/1.

[SwitchA-Ten-GigabitEthernet1/0/1] priority-flow-control auto

# Enable PFC for 802.1p priority 3 on Ten-GigabitEthernet 1/0/1.

[SwitchA-Ten-GigabitEthernet1/0/1] priority-flow-control no-drop dot1p 3

# Configure Ten-GigabitEthernet 1/0/1 to trust the 802.1p priority included in incoming packets.

[SwitchA-Ten-GigabitEthernet1/0/1] qos trust dot1p

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Configure interfaces Ten-GigabitEthernet 1/0/5 through Ten-GigabitEthernet 1/0/8 as follows:

?  Enable PFC by force on the interfaces.

?  Enable PFC for 802.1p priority 3 on the interfaces.

?  Configure the interfaces to trust the 802.1p priority included in incoming packets.

[SwitchA] interface ten-gigabitethernet 1/0/5

[SwitchA-Ten-GigabitEthernet1/0/5] priority-flow-control enable

[SwitchA-Ten-GigabitEthernet1/0/5] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet1/0/5] qos trust dot1p

[SwitchA-Ten-GigabitEthernet1/0/5] quit

[SwitchA] interface ten-gigabitethernet 1/0/6

[SwitchA-Ten-GigabitEthernet1/0/6] priority-flow-control enable

[SwitchA-Ten-GigabitEthernet1/0/6] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet1/0/6] qos trust dot1p

[SwitchA-Ten-GigabitEthernet1/0/6] quit

[SwitchA] interface ten-gigabitethernet 1/0/7

[SwitchA-Ten-GigabitEthernet1/0/7] priority-flow-control enable

[SwitchA-Ten-GigabitEthernet1/0/7] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet1/0/7] qos trust dot1p

[SwitchA-Ten-GigabitEthernet1/0/7] quit

[SwitchA] interface ten-gigabitethernet 1/0/8

[SwitchA-Ten-GigabitEthernet1/0/8] priority-flow-control enable

[SwitchA-Ten-GigabitEthernet1/0/8] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet1/0/8] qos trust dot1p

[SwitchA-Ten-GigabitEthernet1/0/8] quit

5.      Configure ETS:

# Configure the 802.1p-local priority mapping table as follows:

?  Map 802.1p priority value 3 to local precedence 1.

?  Map the other 802.1p priority values to local precedence 0.

[SwitchA] qos map-table dot1p-lp

[SwitchA-maptbl-dot1p-lp] import 3 export 1

[SwitchA-maptbl-dot1p-lp] import 0 export 0

[SwitchA-maptbl-dot1p-lp] import 1 export 0

[SwitchA-maptbl-dot1p-lp] import 2 export 0

[SwitchA-maptbl-dot1p-lp] import 4 export 0

[SwitchA-maptbl-dot1p-lp] import 5 export 0

[SwitchA-maptbl-dot1p-lp] import 6 export 0

[SwitchA-maptbl-dot1p-lp] import 7 export 0

[SwitchA-maptbl-dot1p-lp] quit

# Enable byte-count WRR on interface Ten-GigabitEthernet 1/0/1.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr byte-count

# Configure WRR on interface Ten-GigabitEthernet 1/0/1 as follows:

?  Assign 50% of the interface bandwidth to the FCoE traffic (traffic assigned to queue 1).

?  Assign 50% of the interface bandwidth to Ethernet data traffic (traffic assigned to queue 0).

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr af1 group 1 byte-count 1

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr be group 1 byte-count 1

# Assign the other queues to the SP group on interface Ten-GigabitEthernet 1/0/1.

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr af2 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr af3 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr af4 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr ef group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr cs6 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr cs7 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] quit

6.      Configure FCoE:

# Configure the switch to operate in FCF mode. 

[SwitchA] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 100. By default, the fabric configuration feature is enabled.

[SwitchA] vsan 100

[SwitchA-vsan100] domain configure enable

# Set the domain ID to 2.

[SwitchA-vsan100] domain-id 2 preferred

Non-disruptive reconfiguration or isolating the switch may be performed. Continue? [Y/N]:y

# Enable FSPF in VSAN 100.

[SwitchA-vsan100] fspf enable

[SwitchA-vsan100] quit

# Create interface VFC 1.

[SwitchA] interface vfc 1

# Set the mode of VFC 1 to F.

[SwitchA-Vfc1] fc mode f

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchA-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 100 as a trunk port.

[SwitchA-Vfc1] port trunk vsan 100

[SwitchA-Vfc1] quit

# Create interface VFC 10.

[SwitchA] interface vfc 10

# Set the mode of VFC 10 to E.

[SwitchA-Vfc10] fc mode e

# Bind VFC 10 to Layer 2 aggregate interface 1.

[SwitchA-Vfc10] bind interface bridge-aggregation 1

# Assign VFC 10 to VSAN 100 as a trunk port.

[SwitchA-Vfc10] port trunk vsan 100

# Enable FSPF for VFC 10.

[SwitchA-Vfc10] undo fspf silent vsan 100

[SwitchA-Vfc10] quit

# Enable FCoE in VLAN 4001 and map VLAN 4001 to VSAN 100.

[SwitchA] vlan 4001

[SwitchA-vlan4001] fcoe enable vsan 100

[SwitchA-vlan4001] quit

# Enter the view of VSAN 100, and configure the members in the default zone to access each other.

[SwitchA] vsan 100

[SwitchA-vsan100] zone default-zone permit

[SwitchA-vsan100] quit

Configuring Switch B

Configure Switch B in the same way Switch A is configured. On Switch B, the Layer 2 aggregate interface is Bridge-Aggregation2.

Configuring Switch C

1.      Enable the advanced mode:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchC> system-view

[SwitchC] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the system to make it effective.

# Save the configuration.

[SwitchC] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchC] quit

# Reboot the switch.

<SwitchC> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

2.      Configure VLANs and interfaces:

# Create VLAN 4001, which is intended to transmit storage traffic.

<SwitchC> system-view

[SwitchC] vlan 4001

[SwitchC-vlan4001] description ToSAN

[SwitchC-vlan4001] quit

# Configure interface Ten-GigabitEthernet 1/0/1 as a hybrid port.

[SwitchC] interface ten-gigabitethernet 1/0/1

[SwitchC-Ten-GigabitEthernet1/0/1] port link-type hybrid

# Assign the interface to VLAN 4001 as a tagged member.

[SwitchC-Ten-GigabitEthernet1/0/1] port hybrid vlan 4001 tagged

[SwitchC-Ten-GigabitEthernet1/0/1] quit

# Create Layer 2 aggregate interface 1, and configure it to operate in dynamic aggregation mode.

[SwitchC] interface bridge-aggregation 1

[SwitchC-Bridge-Aggregation1] link-aggregation mode dynamic

[SwitchC-Bridge-Aggregation1] quit

# Assign ports Ten-GigabitEthernet 1/0/5 through Ten-GigabitEthernet 1/0/8 to Layer 2 aggregation group 1.

[SwitchC] interface ten-gigabitethernet 1/0/5

[SwitchC-Ten-GigabitEthernet1/0/5] port link-aggregation group 1

[SwitchC-Ten-GigabitEthernet1/0/5] quit

[SwitchC] interface ten-gigabitethernet 1/0/6

[SwitchC-Ten-GigabitEthernet1/0/6] port link-aggregation group 1

[SwitchC-Ten-GigabitEthernet1/0/6] quit

[SwitchC] interface ten-gigabitethernet 1/0/7

[SwitchC-Ten-GigabitEthernet1/0/7] port link-aggregation group 1

[SwitchC-Ten-GigabitEthernet1/0/7] quit

[SwitchC] interface ten-gigabitethernet 1/0/8

[SwitchC-Ten-GigabitEthernet1/0/8] port link-aggregation group 1

[SwitchC-Ten-GigabitEthernet1/0/8] quit

# Configure Layer 2 aggregate interface 1 as a trunk port, and assign the aggregate interface to VLAN 4001.

[SwitchC] interface bridge-aggregation 1

[SwitchC-Bridge-Aggregation1] port link-type trunk

[SwitchC-Bridge-Aggregation1] port trunk permit vlan 4001

[SwitchC-Bridge-Aggregation1] quit

3.      Configure DCBX:

# Enable LLDP globally.

[SwitchC] lldp global enable

# Create Ethernet frame header ACL 4000.

[SwitchC] acl number 4000 name DCBX

# Configure the ACL to permit FCoE frames (protocol number is 0x8906) to pass through.

[SwitchC-acl-ethernetframe-4000] rule 0 permit type 8906 ffff

# Configure the ACL to permit FIP protocol packets (protocol number is 0x8914) to pass through.

[SwitchC-acl-ethernetframe-4000] rule 5 permit type 8914 ffff

[SwitchC-acl-ethernetframe-4000] quit

# Create a class named DCBX, with the operator of the class as OR.

[SwitchC] traffic classifier DCBX operator or

# Use ACL 4000 as the match criterion of the class.

[SwitchC-classifier-DCBX] if-match acl 4000

[SwitchC-classifier-DCBX] quit

# Create a behavior named DCBX.

[SwitchC] traffic behavior DCBX

# Configure the behavior to mark packets with 802.1p priority value 3.

[SwitchC-behavior-DCBX] remark dot1p 3

[SwitchC-behavior-DCBX] quit

# Create a QoS policy named DCBX.

[SwitchC] qos policy DCBX

# Associate class DCBX with traffic behavior DCBX in the QoS policy, and specify that the association apply to DCBX.

[SwitchC-qospolicy-DCBX] classifier DCBX behavior DCBX mode dcbx

[SwitchC-qospolicy-DCBX] quit

# Enable LLDP and DCBX TLV advertising on interface Ten-GigabitEthernet 1/0/1.

[SwitchC] interface ten-gigabitethernet 1/0/1

[SwitchC-Ten-GigabitEthernet1/0/1] lldp enable

[SwitchC-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv dcbx

# Apply QoS policy DCBX to the outgoing traffic of Ten-GigabitEthernet 1/0/1.

[SwitchC-Ten-GigabitEthernet1/0/1] qos apply policy DCBX outbound

4.      Configure PFC:

# Enable PFC in auto mode on interface Ten-GigabitEthernet 1/0/1.

[SwitchC-Ten-GigabitEthernet1/0/1] priority-flow-control auto

# Enable PFC for 802.1p priority 3 on Ten-GigabitEthernet 1/0/1.

[SwitchC-Ten-GigabitEthernet1/0/1] priority-flow-control no-drop dot1p 3

# Configure Ten-GigabitEthernet 1/0/1 to trust the 802.1p priority included in incoming packets.

[SwitchC-Ten-GigabitEthernet1/0/1] qos trust dot1p

[SwitchC-Ten-GigabitEthernet1/0/1] quit

# Configure interfaces Ten-GigabitEthernet 1/0/5 through Ten-GigabitEthernet 1/0/8 as follows:

?  Enable PFC by force on the interfaces.

?  Enable PFC for 802.1p priority 3 on the interfaces.

?  Configure the interfaces to trust the 802.1p priority included in incoming packets.

[SwitchC] interface ten-gigabitethernet 1/0/5

[SwitchC-Ten-GigabitEthernet1/0/5] priority-flow-control enable

[SwitchC-Ten-GigabitEthernet1/0/5] priority-flow-control no-drop dot1p 3

[SwitchC-Ten-GigabitEthernet1/0/5] qos trust dot1p

[SwitchC-Ten-GigabitEthernet1/0/5] quit

[SwitchC] interface ten-gigabitethernet 1/0/6

[SwitchC-Ten-GigabitEthernet1/0/6] priority-flow-control enable

[SwitchC-Ten-GigabitEthernet1/0/6] priority-flow-control no-drop dot1p 3

[SwitchC-Ten-GigabitEthernet1/0/6] qos trust dot1p

[SwitchC-Ten-GigabitEthernet1/0/6] quit

[SwitchC] interface ten-gigabitethernet 1/0/7

[SwitchC-Ten-GigabitEthernet1/0/7] priority-flow-control enable

[SwitchC-Ten-GigabitEthernet1/0/7] priority-flow-control no-drop dot1p 3

[SwitchC-Ten-GigabitEthernet1/0/7] qos trust dot1p

[SwitchC-Ten-GigabitEthernet1/0/7] quit

[SwitchC] interface ten-gigabitethernet 1/0/8

[SwitchC-Ten-GigabitEthernet1/0/8] priority-flow-control enable

[SwitchC-Ten-GigabitEthernet1/0/8] priority-flow-control no-drop dot1p 3

[SwitchC-Ten-GigabitEthernet1/0/8] qos trust dot1p

[SwitchC-Ten-GigabitEthernet1/0/8] quit

5.      Configure FCoE:

# Configure the switch to operate in FCF mode.

[SwitchC] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 100. By default, the fabric configuration feature is enabled.

[SwitchC] vsan 100

[SwitchC-vsan100] domain configure enable

# Set the switch priority to 1, so the switch can be selected as the principal switch.

[SwitchC-vsan100] priority 1

# Set the domain ID to 1.

[SwitchC-vsan100] domain-id 1 preferred

Non-disruptive reconfiguration or isolating the switch may be performed. Continue? [Y/N]:y

# Enable FSPF in VSAN 100.

[SwitchC-vsan100] fspf enable

[SwitchC-vsan100] quit

# Create interface VFC 1.

[SwitchC] interface vfc 1

# Set the mode of VFC 1 to F.

[SwitchC-Vfc1] fc mode f

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchC-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 100 as a trunk port.

[SwitchC-Vfc1] port trunk vsan 100

[SwitchC-Vfc1] quit

# Create interface VFC 10.

[SwitchC] interface vfc 10

# Set the mode of VFC 10 to E.

[SwitchC-Vfc10] fc mode e

# Bind VFC 10 to Layer 2 aggregate interface 1.

[SwitchC-Vfc10] bind interface bridge-aggregation 1

# Assign VFC 10 to VSAN 100 as a trunk port.

[SwitchC-Vfc10] port trunk vsan 100

# Enable FSPF for VFC 10.

[SwitchC-Vfc10] undo fspf silent vsan 100

[SwitchC-Vfc10] quit

# Enable FCoE in VLAN 4001 and map VLAN 4001 to VSAN 100.

[SwitchC] vlan 4001

[SwitchC-vlan4001] fcoe enable vsan 100

[SwitchC-vlan4001] quit

# Enter the view of VSAN 100, and configure the members in the default zone to access each other.

[SwitchC] vsan 100

[SwitchC-vsan100] zone default-zone permit

[SwitchC-vsan100] quit

Configuring Switch D

Configure Switch D in the same way Switch C is configured. On Switch D, the Layer 2 aggregate interface is Bridge-Aggregation2.

Verifying the configuration

Verifying the configuration on Switch A and Switch B

Verify the configuration on Switch A and Switch B, for example, Switch A.

# Display the domain information of VSAN 100.

[SwitchA] display fc domain vsan 100

Domain Information of VSAN 100:

 

    Running time information:

        State: Stable

        Switch WWN: 48:33:43:2d:46:43:1A:1A

        Fabric name: 48:33:43:2d:46:43:1C:1C

        Priority: 128

        Domain ID: 2

    Configuration information:

        Domain configure: Enabled

        Domain auto-reconfigure: Disabled

        Fabric name: 48:33:43:2d:46:43:1A:1A

        Priority: 128

        Domain ID: 2 (preferred)

    Principal switch running time information:

        Priority: 1

 

    Path          Interface

    Upstream      Vfc10

The output shows that the domain configuration is complete on Switch A, and the principal switch assigns domain ID 2 to Switch A.

# Display the domain ID list of VSAN 100.

[SwitchA] display fc domain-list vsan 100

Domain list of VSAN 100:

  Number of domains: 2

 

  Domain ID      WWN

  0x01(1)        48:33:43:2d:46:43:1C:1C [Principal]

  0x02(2)        48:33:43:2d:46:43:1A:1A [Local]

The output shows that Switch C is elected as the principal switch, and the principal switch assigns domain ID 1 to itself.

# Display the routing table information.

[SwitchA] display fc routing-table vsan 100

Routing Table: VSAN 100

  Destinations : 5          Routes : 5

  Destination/mask   Protocol   Preference   Cost     Interface

  0x010000/8         FSPF       20           100      Vfc10

  0xfffc01/24        DIRECT     0            0        InLoop0

  0xfffffa/24        DIRECT     0            0        InLoop0

  0xfffffc/24        DIRECT     0            0        InLoop0

  0xfffffd/24        DIRECT     0            0        InLoop0

The output shows that an FSPF route from Switch A to Switch C exists, with the outgoing interface VFC 10.

# Display the node login information for VSAN 100.

[SwitchA] display fc login vsan 100

Interface VSAN FCID     Node WWN                Port WWN

Vfc1      100  0x020000 21:01:00:1b:32:a0:fa:12 21:01:00:1b:32:a0:fa:11

# Display the brief information about the name server database in VSAN 100.

[SwitchA] display fc name-service database vsan 100

VSAN 100:

  FCID     Type               PWWN(vendor)                      FC4-type:feature

  0x010000 0x01(N)            10:00:00:05:30:00:25:a3           SCSI-FCP:Target

  0x020000 0x01(N)            21:01:00:1b:32:a0:fa:11           SCSI-FCP:Initiator

Verifying the configuration on Switch C and Switch D

Verify the configuration on Switch C and Switch D, for example, Switch C.

# Display the node login information for VSAN 100.

[SwitchC] display fc login vsan 100

Interface VSAN FCID     Node WWN                Port WWN

Vfc1      100  0x010000 10:00:00:05:30:00:25:a4 10:00:00:05:30:00:25:a3

FCoE configuration example (in IRF mode)

Network requirements

As shown in Figure 39:

·           Switch A and Switch B are connected to an Ethernet switch, and operate at the access layer of the LAN.

·           Switch A and Switch B are connected to Switch C and Switch D, respectively.

·           The four switches operate as the FCF switches of the SANs.

Configure FCoE to meet the following requirements:

·           The transmission network formed by Switch A, Switch B, and the Ethernet switch can use the server to provide services for the LAN. The transmission network formed by switches A through D can enable the server to access the disk device.

·           Link backup is used to implement high availability for the packets to and from the server and disk device.

·           The bandwidth is increased for the link between Switch A and Switch C and the link between Switch B and Switch D. Link backup and load sharing are implemented.

·           Switch A and Switch B are uniformly managed, and the hardware resources and software processing capabilities of the two switches are integrated. When one switch fails, the other switch can quickly take over to avoid service interruption.

Figure 39 Network diagram

 

Requirements analysis

To meet the network requirements, perform the following tasks:

·           To uniformly manage Switch A and Switch B and implement backup between them, configure Switch A and Switch B to form an IRF fabric. The IRF fabric uses Switch A as the master device. The IRF fabric operates at the access layer of the LAN and operates as the FCF switch of the SANs.

·           Aggregate the four physical links connecting Switch A to Switch B into an IRF link, with ports IRF-port 1/1 and IRF-port 2/2 at the two ends, respectively. Aggregate the links from the Ethernet switch to Switch A and Switch B.

·           As a best practice to transmit the storage traffic over lossless Ethernet links in the SANs, perform the following tasks:

?  Configure DCBX, PFC in auto mode, and ETS on the Ethernet interfaces connecting the switches to the server.

?  Configure DCBX and PFC in auto mode on the Ethernet interfaces connecting the switches to the disk device.

?  Enable PFC by force on the Ethernet interfaces connecting switches.

·           To implement link backup between the server and the disk device, use two separate SANs to provide connections between the server and the disk device. The two separate VSANs are as follows:

?  One physical SAN is formed by the server, the IRF fabric, Switch C, and the disk device.

?  The other physical SAN is formed by the server, the IRF fabric, Switch D, and the disk device.

Because the server is connected to the same IRF fabric rather than two separate devices in the two SANs, the two SANs must use different VSANs (for example, VSAN 100 and VSAN 200). The IRF fabric must connect to the two VSANs.

·           To transmit the Ethernet traffic of the LAN in VLAN 1001, configure the following interfaces to allow VLAN 1001:

?  The Ethernet interfaces connecting the IRF fabric to the LAN.

?  The Ethernet interfaces connecting the IRF fabric to the server.

·           To transmit the storage traffic of the SANs in VSAN 100 and VSAN 200, perform the following tasks:

?  Configure the interfaces connecting Switch A and Switch C to the SANs to allow VSAN 100.

?  Configure the interfaces connecting Switch B and Switch D to the SANs to allow VSAN 200.

·           To transmit the storage traffic of VSAN 100 within VLAN 4001, map VLAN 4001 to VSAN 100.

·           To transmit the storage traffic of VSAN 200 within VLAN 4002, map VLAN 4002 to VSAN 200.

·           To avoid physical loops in the LAN, enable STP on the Ethernet interfaces connecting the IRF fabric to the LAN and the server. To prevent STP from blocking the interfaces that are responsible for forwarding storage traffic on the IRF fabric, disable STP on the interfaces connecting the IRF fabric to Switch C and Switch D.

·           The SANs are complex. As a best practice, use the dynamic mode to build the fabric and use FSPF for FC routing.

·           To allow the server to access the resources in the disk device, configure the members in the default zone to access each other.

·           To increase the bandwidth for the link between the IRF fabric and Switch C and implement link backup and load sharing, configure Ethernet link aggregation group 1.

·           To increase the bandwidth for the link between the IRF fabric and Switch D and implement link backup and load sharing, configure Ethernet link aggregation group 2.

Configuration procedures

This section describes only FCoE configurations.

For information about configuring IRF, see the Virtual Technologies Configuration Guide.

An IRF port is a logical interface connecting IRF member devices. To use an IRF port, you must bind at least one physical port to it. A link formed by IRF ports is called an IRF link.

Switch A and Switch B are configured to form an IRF fabric. You can configure the IRF fabric on any IRF member device.

Configuring Switch A (after the IRF fabric is formed)

1.      Enable the advanced mode:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchA> system-view

[SwitchA] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the system to make it effective.

# Save the configuration.

[SwitchA] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

Slot 1:

Save next configuration file successfully.

[SwitchA] quit

# Reboot the switch.

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

2.      Configure VLANs and interfaces:

# Create VLAN 1001, VLAN 4001, and VLAN 4002, which are intended to transmit Ethernet traffic, storage traffic, and storage traffic, respectively.

<SwitchA> system-view

[SwitchA] vlan 1001

[SwitchA-vlan1001] description ToLAN

[SwitchA-vlan1001] quit

[SwitchA] vlan 4001

[SwitchA-vlan4001] description ToSAN_A

[SwitchA-vlan4001] quit

[SwitchA] vlan 4002

[SwitchA-vlan4002] description ToSAN_B

[SwitchA-vlan4002] quit

# Enable STP globally.

[SwitchA] stp global enable

# Configure interface Ten-GigabitEthernet 1/0/1 as a hybrid port.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type hybrid

# Assign Ten-GigabitEthernet 1/0/1 to VLAN 1001 as an untagged member.

[SwitchA-Ten-GigabitEthernet1/0/1] port hybrid vlan 1001 untagged

# Assign Ten-GigabitEthernet 1/0/1 to VLAN 4001 as a tagged member.

[SwitchA-Ten-GigabitEthernet1/0/1] port hybrid vlan 4001 tagged

# Set the PVID to VLAN 1001 for Ten-GigabitEthernet 1/0/1.

[SwitchA-Ten-GigabitEthernet1/0/1] port hybrid pvid vlan 1001

# Enable STP on Ten-GigabitEthernet 1/0/1.

[SwitchA-Ten-GigabitEthernet1/0/1] stp enable

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Configure interface Ten-GigabitEthernet 2/0/1 as a hybrid port.

[SwitchA] interface ten-gigabitethernet 2/0/1

[SwitchA-Ten-GigabitEthernet2/0/1] port link-type hybrid

# Assign Ten-GigabitEthernet 2/0/1 to VLAN 1001 as an untagged member.

[SwitchA-Ten-GigabitEthernet2/0/1] port hybrid vlan 1001 untagged

# Assign Ten-GigabitEthernet 2/0/1 to VLAN 4002 as a tagged member.

[SwitchA-Ten-GigabitEthernet2/0/1] port hybrid vlan 4002 tagged

# Set the PVID to VLAN 1001 for Ten-GigabitEthernet 2/0/1.

[SwitchA-Ten-GigabitEthernet2/0/1] port hybrid pvid vlan 1001

# Enable STP on Ten-GigabitEthernet 2/0/1.

[SwitchA-Ten-GigabitEthernet2/0/1] stp enable

[SwitchA-Ten-GigabitEthernet2/0/1] quit

# Configure interface Ten-GigabitEthernet 1/0/10 as a trunk port, and assign the interface to VLAN 1001.

[SwitchA] interface ten-gigabitethernet 1/0/10

[SwitchA-Ten-GigabitEthernet1/0/10] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/10] port trunk permit vlan 1001

# Enable STP on Ten-GigabitEthernet 1/0/10.

[SwitchA-Ten-GigabitEthernet1/0/10] stp enable

[SwitchA-Ten-GigabitEthernet1/0/10] quit

# Configure interface Ten-GigabitEthernet 2/0/10 as a trunk port, and assign the interface to VLAN 1001.

[SwitchA] interface ten-gigabitethernet 2/0/10

[SwitchA-Ten-GigabitEthernet2/0/10] port link-type trunk

[SwitchA-Ten-GigabitEthernet2/0/10] port trunk permit vlan 1001

# Enable STP on Ten-GigabitEthernet 2/0/10.

[SwitchA-Ten-GigabitEthernet2/0/10] stp enable

[SwitchA-Ten-GigabitEthernet2/0/10] quit

# Create Layer 2 aggregate interface 1, and configure it to operate in dynamic aggregation mode.

[SwitchA] interface bridge-aggregation 1

[SwitchA-Bridge-Aggregation1] link-aggregation mode dynamic

# Disable STP on Layer 2 aggregate interface 1.

[SwitchA-Bridge-Aggregation1] undo stp enable

[SwitchA-Bridge-Aggregation1] quit

# Assign ports Ten-GigabitEthernet 1/0/5 through Ten-GigabitEthernet 1/0/8 to Layer 2 aggregation group 1.

[SwitchA] interface ten-gigabitethernet 1/0/5

[SwitchA-Ten-GigabitEthernet1/0/5] port link-aggregation group 1

[SwitchA-Ten-GigabitEthernet1/0/5] quit

[SwitchA] interface ten-gigabitethernet 1/0/6

[SwitchA-Ten-GigabitEthernet1/0/6] port link-aggregation group 1

[SwitchA-Ten-GigabitEthernet1/0/6] quit

[SwitchA] interface ten-gigabitethernet 1/0/7

[SwitchA-Ten-GigabitEthernet1/0/7] port link-aggregation group 1

[SwitchA-Ten-GigabitEthernet1/0/7] quit

[SwitchA] interface ten-gigabitethernet 1/0/8

[SwitchA-Ten-GigabitEthernet1/0/8] port link-aggregation group 1

[SwitchA-Ten-GigabitEthernet1/0/8] quit

# Configure Layer 2 aggregate interface 1 as a trunk port, and assign the aggregate interface to VLAN 4001.

[SwitchA] interface bridge-aggregation 1

[SwitchA-Bridge-Aggregation1] port link-type trunk

[SwitchA-Bridge-Aggregation1] port trunk permit vlan 4001

[SwitchA-Bridge-Aggregation1] quit

# Create Layer 2 aggregate interface 2, and configure it to operate in dynamic aggregation mode.

[SwitchA] interface bridge-aggregation 2

[SwitchA-Bridge-Aggregation2] link-aggregation mode dynamic

# Disable STP on Layer 2 aggregate interface 2.

[SwitchA-Bridge-Aggregation2] undo stp enable

[SwitchA-Bridge-Aggregation2] quit

# Assign ports Ten-GigabitEthernet 2/0/5 through Ten-GigabitEthernet 2/0/8 to Layer 2 aggregation group 2.

[SwitchA] interface ten-gigabitethernet 2/0/5

[SwitchA-Ten-GigabitEthernet2/0/5] port link-aggregation group 2

[SwitchA-Ten-GigabitEthernet2/0/5] quit

[SwitchA] interface ten-gigabitethernet 2/0/6

[SwitchA-Ten-GigabitEthernet2/0/6] port link-aggregation group 2

[SwitchA-Ten-GigabitEthernet2/0/6] quit

[SwitchA] interface ten-gigabitethernet 2/0/7

[SwitchA-Ten-GigabitEthernet2/0/7] port link-aggregation group 2

[SwitchA-Ten-GigabitEthernet2/0/7] quit

[SwitchA] interface ten-gigabitethernet 2/0/8

[SwitchA-Ten-GigabitEthernet2/0/8] port link-aggregation group 2

[SwitchA-Ten-GigabitEthernet2/0/8] quit

# Configure Layer 2 aggregate interface 2 as a trunk port, and assign the aggregate interface to VLAN 4002.

[SwitchA] interface bridge-aggregation 2

[SwitchA-Bridge-Aggregation2] port link-type trunk

[SwitchA-Bridge-Aggregation2] port trunk permit vlan 4002

[SwitchA-Bridge-Aggregation2] quit

# Create Layer 2 aggregate interface 3, and configure it to operate in dynamic aggregation mode.

[SwitchA] interface bridge-aggregation 3

[SwitchA-Bridge-Aggregation3] link-aggregation mode dynamic

# Enable STP on Layer 2 aggregate interface 3.

[SwitchA-Bridge-Aggregation3] stp enable

# Enable LACP MAD for Layer 2 aggregate interface 3.

[SwitchA-Bridge-Aggregation3] mad enable

 You need to assign a domain ID (range: 0-4294967295)

 [Current domain is: 1]:

 The assigned  domain ID is: 1

 Info: MAD LACP only enable on dynamic aggregation interface.

[SwitchA-Bridge-Aggregation3] quit

# Assign ports Ten-GigabitEthernet 1/0/10 and Ten-GigabitEthernet 2/0/10 to Layer 2 aggregation group 3.

[SwitchA] interface ten-gigabitethernet 1/0/10

[SwitchA-Ten-GigabitEthernet1/0/10] port link-aggregation group 3

[SwitchA-Ten-GigabitEthernet1/0/10] quit

[SwitchA] interface ten-gigabitethernet 2/0/10

[SwitchA-Ten-GigabitEthernet2/0/10] port link-aggregation group 3

[SwitchA-Ten-GigabitEthernet2/0/10] quit

# Configure Layer 2 aggregate interface 3 as a trunk port, and assign the aggregate interface to VLAN 1001.

[SwitchA] interface bridge-aggregation 3

[SwitchA-Bridge-Aggregation3] port link-type trunk

[SwitchA-Bridge-Aggregation3] port trunk permit vlan 1001

[SwitchA-Bridge-Aggregation3] quit

3.      Configure DCBX:

# Enable LLDP globally.

[SwitchA] lldp global enable

# Create Ethernet frame header ACL 4000.

[SwitchA] acl number 4000 name DCBX

# Configure the ACL to permit FCoE frames (protocol number is 0x8906) to pass through.

[SwitchA-acl-ethernetframe-4000] rule 0 permit type 8906 ffff

# Configure the ACL to permit FIP protocol packets (protocol number is 0x8914) to pass through.

[SwitchA-acl-ethernetframe-4000] rule 5 permit type 8914 ffff

[SwitchA-acl-ethernetframe-4000] quit

# Create a class named DCBX, with the operator of the class as OR.

[SwitchA] traffic classifier DCBX operator or

# Use ACL 4000 as the match criterion of the class.

[SwitchA-classifier-DCBX] if-match acl 4000

[SwitchA-classifier-DCBX] quit

# Create a behavior named DCBX.

[SwitchA] traffic behavior DCBX

# Configure the behavior to mark packets with 802.1p priority value 3.

[SwitchA-behavior-DCBX] remark dot1p 3

[SwitchA-behavior-DCBX] quit

# Create a QoS policy named DCBX.

[SwitchA] qos policy DCBX

# Associate class DCBX with traffic behavior DCBX in the QoS policy, and specify that the association apply to DCBX.

[SwitchA-qospolicy-DCBX] classifier DCBX behavior DCBX mode dcbx

[SwitchA-qospolicy-DCBX] quit

# Enable LLDP and DCBX TLV advertising on interface Ten-GigabitEthernet 1/0/1.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] lldp enable

[SwitchA-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv dcbx

# Apply QoS policy DCBX to the outgoing traffic of Ten-GigabitEthernet 1/0/1.

[SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy DCBX outbound

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Enable LLDP and DCBX TLV advertising on interface Ten-GigabitEthernet 2/0/1.

[SwitchA] interface ten-gigabitethernet 2/0/1

[SwitchA-Ten-GigabitEthernet2/0/1] lldp enable

[SwitchA-Ten-GigabitEthernet2/0/1] lldp tlv-enable dot1-tlv dcbx

# Apply QoS policy DCBX to the outgoing traffic of Ten-GigabitEthernet 2/0/1.

[SwitchA-Ten-GigabitEthernet2/0/1] qos apply policy DCBX outbound

[SwitchA-Ten-GigabitEthernet2/0/1] quit

4.      Configure PFC:

# Configure interfaces Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 2/0/1 as follows:

?  Enable PFC in auto mode on the interfaces.

?  Enable PFC for 802.1p priority 3 on the interfaces.

?  Configure the interfaces to trust the 802.1p priority included in incoming packets.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] priority-flow-control auto

[SwitchA-Ten-GigabitEthernet1/0/1] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet1/0/1] qos trust dot1p

[SwitchA-Ten-GigabitEthernet1/0/1] quit

[SwitchA] interface ten-gigabitethernet 2/0/1

[SwitchA-Ten-GigabitEthernet2/0/1] priority-flow-control auto

[SwitchA-Ten-GigabitEthernet2/0/1] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet2/0/1] qos trust dot1p

[SwitchA-Ten-GigabitEthernet2/0/1] quit

# Configure interfaces Ten-GigabitEthernet 1/0/5 through Ten-GigabitEthernet 1/0/8 and interfaces Ten-GigabitEthernet 2/0/5 through Ten-GigabitEthernet 2/0/8 as follows:

?  Enable PFC by force on the interfaces.

?  Enable PFC for 802.1p priority 3 on the interfaces.

?  Configure the interfaces to trust the 802.1p priority included in incoming packets.

[SwitchA] interface ten-gigabitethernet 1/0/5

[SwitchA-Ten-GigabitEthernet1/0/5] priority-flow-control enable

[SwitchA-Ten-GigabitEthernet1/0/5] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet1/0/5] qos trust dot1p

[SwitchA-Ten-GigabitEthernet1/0/5] quit

[SwitchA] interface ten-gigabitethernet 1/0/6

[SwitchA-Ten-GigabitEthernet1/0/6] priority-flow-control enable

[SwitchA-Ten-GigabitEthernet1/0/6] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet1/0/6] qos trust dot1p

[SwitchA-Ten-GigabitEthernet1/0/6] quit

[SwitchA] interface ten-gigabitethernet 1/0/7

[SwitchA-Ten-GigabitEthernet1/0/7] priority-flow-control enable

[SwitchA-Ten-GigabitEthernet1/0/7] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet1/0/7] qos trust dot1p

[SwitchA-Ten-GigabitEthernet1/0/7] quit

[SwitchA] interface ten-gigabitethernet 1/0/8

[SwitchA-Ten-GigabitEthernet1/0/8] priority-flow-control enable

[SwitchA-Ten-GigabitEthernet1/0/8] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet1/0/8] qos trust dot1p

[SwitchA-Ten-GigabitEthernet1/0/8] quit

[SwitchA] interface ten-gigabitethernet 2/0/5

[SwitchA-Ten-GigabitEthernet2/0/5] priority-flow-control enable

[SwitchA-Ten-GigabitEthernet2/0/5] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet2/0/5] qos trust dot1p

[SwitchA-Ten-GigabitEthernet2/0/5] quit

[SwitchA] interface ten-gigabitethernet 2/0/6

[SwitchA-Ten-GigabitEthernet2/0/6] priority-flow-control enable

[SwitchA-Ten-GigabitEthernet2/0/6] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet2/0/6] qos trust dot1p

[SwitchA-Ten-GigabitEthernet2/0/6] quit

[SwitchA] interface ten-gigabitethernet 2/0/7

[SwitchA-Ten-GigabitEthernet2/0/7] priority-flow-control enable

[SwitchA-Ten-GigabitEthernet2/0/7] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet2/0/7] qos trust dot1p

[SwitchA-Ten-GigabitEthernet2/0/7] quit

[SwitchA] interface ten-gigabitethernet 2/0/8

[SwitchA-Ten-GigabitEthernet2/0/8] priority-flow-control enable

[SwitchA-Ten-GigabitEthernet2/0/8] priority-flow-control no-drop dot1p 3

[SwitchA-Ten-GigabitEthernet2/0/8] qos trust dot1p

[SwitchA-Ten-GigabitEthernet2/0/8] quit

5.      Configure ETS:

# Configure the 802.1p-local priority mapping table as follows:

?  Map 802.1p priority value 3 to local precedence 1.

?  Map the other 802.1p priority values to local precedence 0.

[SwitchA] qos map-table dot1p-lp

[SwitchA-maptbl-dot1p-lp] import 3 export 1

[SwitchA-maptbl-dot1p-lp] import 0 export 0

[SwitchA-maptbl-dot1p-lp] import 1 export 0

[SwitchA-maptbl-dot1p-lp] import 2 export 0

[SwitchA-maptbl-dot1p-lp] import 4 export 0

[SwitchA-maptbl-dot1p-lp] import 5 export 0

[SwitchA-maptbl-dot1p-lp] import 6 export 0

[SwitchA-maptbl-dot1p-lp] import 7 export 0

[SwitchA-maptbl-dot1p-lp] quit

# Enable byte-count WRR on interface Ten-GigabitEthernet 1/0/1.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr byte-count

# Configure WRR on interface Ten-GigabitEthernet 1/0/1 as follows:

?  Assign 50% of the interface bandwidth to the FCoE traffic (traffic assigned to queue 1).

?  Assign 50% of the interface bandwidth to Ethernet data traffic (traffic assigned to queue 0).

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr af1 group 1 byte-count 1

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr be group 1 byte-count 1

# Assign the other queues to the SP group on interface Ten-GigabitEthernet 1/0/1.

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr af2 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr af3 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr af4 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr ef group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr cs6 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] qos wrr cs7 group sp

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Enable byte-count WRR on interface Ten-GigabitEthernet 2/0/1.

[SwitchA] interface ten-gigabitethernet 2/0/1

[SwitchA-Ten-GigabitEthernet2/0/1] qos wrr byte-count

# Configure WRR on interface Ten-GigabitEthernet 2/0/1 as follows:

?  Assign 50% of the interface bandwidth to the FCoE traffic (traffic assigned to queue 1).

?  Assign 50% of the interface bandwidth to Ethernet data traffic (traffic assigned to queue 0).

[SwitchA-Ten-GigabitEthernet2/0/1] qos wrr af1 group 1 byte-count 1

[SwitchA-Ten-GigabitEthernet2/0/1] qos wrr be group 1 byte-count 1

# Assign the other queues to the SP group on interface Ten-GigabitEthernet 2/0/1.

[SwitchA-Ten-GigabitEthernet2/0/1] qos wrr af2 group sp

[SwitchA-Ten-GigabitEthernet2/0/1] qos wrr af3 group sp

[SwitchA-Ten-GigabitEthernet2/0/1] qos wrr af4 group sp

[SwitchA-Ten-GigabitEthernet2/0/1] qos wrr ef group sp

[SwitchA-Ten-GigabitEthernet2/0/1] qos wrr cs6 group sp

[SwitchA-Ten-GigabitEthernet2/0/1] qos wrr cs7 group sp

[SwitchA-Ten-GigabitEthernet2/0/1] quit

6.      Configure FCoE:

# Configure the switch to operate in FCF mode.

[SwitchA] fcoe-mode fcf

# Create VSAN 100. Enable the fabric configuration feature in VSAN 100. By default, the fabric configuration feature is enabled.

[SwitchA] vsan 100

[SwitchA-vsan100] domain configure enable

# Set the domain ID to 2 in VSAN 100.

[SwitchA-vsan100] domain-id 2 preferred

Non-disruptive reconfiguration or isolating the switch may be performed. Continue? [Y/N]:y

# Enable FSPF in VSAN 100.

[SwitchA-vsan100] fspf enable

[SwitchA-vsan100] quit

# Create VSAN 200. Enable the fabric configuration feature for VSAN 200. By default, the fabric configuration feature is enabled.

[SwitchA] vsan 200

[SwitchA-vsan200] domain configure enable

# Set the domain ID to 3 in VSAN 200.

[SwitchA-vsan200] domain-id 3 preferred

Non-disruptive reconfiguration or isolating the switch may be performed. Continue? [Y/N]:y

# Enable FSPF in VSAN 200.

[SwitchA-vsan200] fspf enable

[SwitchA-vsan200] quit

# Create interface VFC 1.

[SwitchA] interface vfc 1

# Set the mode of VFC 1 to F.

[SwitchA-Vfc1] fc mode f

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchA-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 100 as a trunk port.

[SwitchA-Vfc1] port trunk vsan 100

[SwitchA-Vfc1] quit

# Create interface VFC 2.

[SwitchA] interface vfc 2

# Set the mode of VFC 2 to F.

[SwitchA-Vfc2] fc mode f

# Bind VFC 2 to interface Ten-GigabitEthernet 2/0/1.

[SwitchA-Vfc2] bind interface ten-gigabitethernet 2/0/1

# Assign VFC 2 to VSAN 200 as a trunk port.

[SwitchA-Vfc2] port trunk vsan 200

[SwitchA-Vfc2] quit

# Create interface VFC 10.

[SwitchA] interface vfc 10

# Set the mode of VFC 10 to E.

[SwitchA-Vfc10] fc mode e

# Bind VFC 10 to Layer 2 aggregate interface 1.

[SwitchA-Vfc10] bind interface bridge-aggregation 1

# Assign VFC 10 to VSAN 100 as a trunk port.

[SwitchA-Vfc10] port trunk vsan 100

# Enable FSPF for VFC 10.

[SwitchA-Vfc10] undo fspf silent vsan 100

[SwitchA-Vfc10] quit

# Create interface VFC 11.

[SwitchA] interface vfc 11

# Set the mode of VFC 11 to E.

[SwitchA-Vfc11] fc mode e

# Bind VFC 11 to Layer 2 aggregate interface 2.

[SwitchA-Vfc11] bind interface bridge-aggregation 2

# Assign VFC 11 to VSAN 200 as a trunk port.

[SwitchA-Vfc11] port trunk vsan 200

# Enable FSPF for VFC 11.

[SwitchA-Vfc11] undo fspf silent vsan 200

[SwitchA-Vfc11] quit

# Enable FCoE in VLAN 4001 and map VLAN 4001 to VSAN 100.

[SwitchA] vlan 4001

[SwitchA-vlan4001] fcoe enable vsan 100

[SwitchA-vlan4001] quit

# Enable FCoE in VLAN 4002 and map VLAN 4002 to VSAN 200.

[SwitchA] vlan 4002

[SwitchA-vlan4002] fcoe enable vsan 200

[SwitchA-vlan4002] quit

# Enter the view of VSAN 100, and configure the members in the default zone to access each other.

[SwitchA] vsan 100

[SwitchA-vsan100] zone default-zone permit

[SwitchA-vsan100] quit

# Enter the view of VSAN 200, and configure the members in the default zone to access each other.

[SwitchA] vsan 200

[SwitchA-vsan200] zone default-zone permit

[SwitchA-vsan200] quit

Configuring Switch C

1.      Enable the advanced mode:

# Configure the switch to operate in advanced mode. (Skip this step if the switch is operating in advanced mode.)

<SwitchC> system-view

[SwitchC] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the system to make it effective.

# Save the configuration.

[SwitchC] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

[SwitchC] quit

# Reboot the switch.

<SwitchC> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

2.      Configure VLANs and interfaces:

# Create VLAN 4001, which is intended to transmit storage traffic.

<SwitchC> system-view

[SwitchC] vlan 4001

[SwitchC-vlan4001] description ToSAN_A

[SwitchC-vlan4001] quit

# Configure interface Ten-GigabitEthernet 1/0/1 as a hybrid port.

[SwitchC] interface ten-gigabitethernet 1/0/1

[SwitchC-Ten-GigabitEthernet1/0/1] port link-type hybrid

# Assign Ten-GigabitEthernet 1/0/1 to VLAN 4001 as a tagged member.

[SwitchC-Ten-GigabitEthernet1/0/1] port hybrid vlan 4001 tagged

[SwitchC-Ten-GigabitEthernet1/0/1] quit

# Create Layer 2 aggregate interface 1, and configure it to operate in dynamic aggregation mode.

[SwitchC] interface bridge-aggregation 1

[SwitchC-Bridge-Aggregation1] link-aggregation mode dynamic

[SwitchC-Bridge-Aggregation1] quit

# Assign ports Ten-GigabitEthernet 1/0/5 through Ten-GigabitEthernet 1/0/8 to Layer 2 aggregation group 1.

[SwitchC] interface ten-gigabitethernet 1/0/5

[SwitchC-Ten-GigabitEthernet1/0/5] port link-aggregation group 1

[SwitchC-Ten-GigabitEthernet1/0/5] quit

[SwitchC] interface ten-gigabitethernet 1/0/6

[SwitchC-Ten-GigabitEthernet1/0/6] port link-aggregation group 1

[SwitchC-Ten-GigabitEthernet1/0/6] quit

[SwitchC] interface ten-gigabitethernet 1/0/7

[SwitchC-Ten-GigabitEthernet1/0/7] port link-aggregation group 1

[SwitchC-Ten-GigabitEthernet1/0/7] quit

[SwitchC] interface ten-gigabitethernet 1/0/8

[SwitchC-Ten-GigabitEthernet1/0/8] port link-aggregation group 1

[SwitchC-Ten-GigabitEthernet1/0/8] quit

# Configure Layer 2 aggregate interface 1 as a trunk port, and assign the aggregate interface to VLAN 4001.

[SwitchC] interface bridge-aggregation 1

[SwitchC-Bridge-Aggregation1] port link-type trunk

[SwitchC-Bridge-Aggregation1] port trunk permit vlan 4001

[SwitchC-Bridge-Aggregation1] quit

3.      Configure DCBX:

# Enable LLDP globally.

[SwitchC] lldp global enable

# Create Ethernet frame header ACL 4000.

[SwitchC] acl number 4000 name DCBX

# Configure the ACL to permit FCoE frames (protocol number is 0x8906) to pass through.

[SwitchC-acl-ethernetframe-4000] rule 0 permit type 8906 ffff

# Configure the ACL to permit  FIP protocol packets (protocol number is 0x8914) to pass through.

[SwitchC-acl-ethernetframe-4000] rule 5 permit type 8914 ffff

[SwitchC-acl-ethernetframe-4000] quit

# Create a class named DCBX, with the operator of the class as OR.

[SwitchC] traffic classifier DCBX operator or

# Use ACL 4000 as the match criterion of the class.

[SwitchC-classifier-DCBX] if-match acl 4000

[SwitchC-classifier-DCBX] quit

# Create a behavior named DCBX.

[SwitchC] traffic behavior DCBX

# Configure the behavior to mark packets with 802.1p priority value 3.

[SwitchC-behavior-DCBX] remark dot1p 3

[SwitchC-behavior-DCBX] quit

# Create a QoS policy named DCBX.

[SwitchC] qos policy DCBX

# Associate class DCBX with traffic behavior DCBX in the QoS policy, and specify that the association apply to DCBX.

[SwitchC-qospolicy-DCBX] classifier DCBX behavior DCBX mode dcbx

[SwitchC-qospolicy-DCBX] quit

# Enable LLDP and DCBX TLV advertising on interface Ten-GigabitEthernet 1/0/1.

[SwitchC] interface ten-gigabitethernet 1/0/1

[SwitchC-Ten-GigabitEthernet1/0/1] lldp enable

[SwitchC-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv dcbx

# Apply QoS policy DCBX to the outgoing traffic of Ten-GigabitEthernet 1/0/1.

[SwitchC-Ten-GigabitEthernet1/0/1] qos apply policy DCBX outbound

4.      Configure PFC:

# Enable PFC in auto mode on interface Ten-GigabitEthernet 1/0/1.

[SwitchC-Ten-GigabitEthernet1/0/1] priority-flow-control auto

# Enable PFC for 802.1p priority 3 on Ten-GigabitEthernet 1/0/1.

[SwitchC-Ten-GigabitEthernet1/0/1] priority-flow-control no-drop dot1p 3

# Configure Ten-GigabitEthernet 1/0/1 to trust the 802.1p priority included in incoming packets.

[SwitchC-Ten-GigabitEthernet1/0/1] qos trust dot1p

[SwitchC-Ten-GigabitEthernet1/0/1] quit

# Configure interfaces Ten-GigabitEthernet 1/0/5 through Ten-GigabitEthernet 1/0/8 as follows:

?  Enable PFC by force on the interfaces.

?  Enable PFC for 802.1p priority 3 on the interfaces.

?  Configure the interfaces to trust the 802.1p priority included in incoming packets.

[SwitchC] interface ten-gigabitethernet 1/0/5

[SwitchC-Ten-GigabitEthernet1/0/5] priority-flow-control enable

[SwitchC-Ten-GigabitEthernet1/0/5] priority-flow-control no-drop dot1p 3

[SwitchC-Ten-GigabitEthernet1/0/5] qos trust dot1p

[SwitchC-Ten-GigabitEthernet1/0/5] quit

[SwitchC] interface ten-gigabitethernet 1/0/6

[SwitchC-Ten-GigabitEthernet1/0/6] priority-flow-control enable

[SwitchC-Ten-GigabitEthernet1/0/6] priority-flow-control no-drop dot1p 3

[SwitchC-Ten-GigabitEthernet1/0/6] qos trust dot1p

[SwitchC-Ten-GigabitEthernet1/0/6] quit

[SwitchC] interface ten-gigabitethernet 1/0/7

[SwitchC-Ten-GigabitEthernet1/0/7] priority-flow-control enable

[SwitchC-Ten-GigabitEthernet1/0/7] priority-flow-control no-drop dot1p 3

[SwitchC-Ten-GigabitEthernet1/0/7] qos trust dot1p

[SwitchC-Ten-GigabitEthernet1/0/7] quit

[SwitchC] interface ten-gigabitethernet 1/0/8

[SwitchC-Ten-GigabitEthernet1/0/8] priority-flow-control enable

[SwitchC-Ten-GigabitEthernet1/0/8] priority-flow-control no-drop dot1p 3

[SwitchC-Ten-GigabitEthernet1/0/8] qos trust dot1p

[SwitchC-Ten-GigabitEthernet1/0/8] quit

5.      Configure FCoE:

# Configure the switch to operate in FCF mode.

[SwitchC] fcoe-mode fcf

# Enable the fabric configuration feature in VSAN 100. By default, the fabric configuration feature is enabled.

[SwitchC] vsan 100

[SwitchC-vsan100] domain configure enable

# Set the switch priority to 1, so the switch can be selected as the principal switch.

[SwitchC-vsan100] priority 1

# Set the domain ID to 1.

[SwitchC-vsan100] domain-id 1 preferred

Non-disruptive reconfiguration or isolating the switch may be performed. Continue? [Y/N]:y

# Enable FSPF in VSAN 100.

[SwitchC-vsan100] fspf enable

[SwitchC-vsan100] quit

# Create interface VFC 1.

[SwitchC] interface vfc 1

# Set the mode of VFC 1 to F.

[SwitchC-Vfc1] fc mode f

# Bind VFC 1 to interface Ten-GigabitEthernet 1/0/1.

[SwitchC-Vfc1] bind interface ten-gigabitethernet 1/0/1

# Assign VFC 1 to VSAN 100 as a trunk port.

[SwitchC-Vfc1] port trunk vsan 100

[SwitchC-Vfc1] quit

# Create interface VFC 10.

[SwitchC] interface vfc 10

# Set the mode of VFC 10 to E.

[SwitchC-Vfc10] fc mode e

# Bind VFC 10 to Layer 2 aggregate interface 1.

[SwitchC-Vfc10] bind interface bridge-aggregation 1

# Assign VFC 10 to VSAN 100 as a trunk port.

[SwitchC-Vfc10] port trunk vsan 100

# Enable FSPF for VFC 10.

[SwitchC-Vfc10] undo fspf silent vsan 100

[SwitchC-Vfc10] quit

# Enable FCoE in VLAN 4001 and map VLAN 4001 to VSAN 100.

[SwitchC] vlan 4001

[SwitchC-vlan4001] fcoe enable vsan 100

[SwitchC-vlan4001] quit

# Enter the view of VSAN 100, and configure the members in the default zone to access each other.

[SwitchC] vsan 100

[SwitchC-vsan100] zone default-zone permit

[SwitchC-vsan100] quit

Configuring Switch D

Configure Switch D in the same way Switch C is configured. On Switch D, the VLAN, VSAN, and Layer 2 aggregate interface are VLAN 4002, VSAN 200, and Bridge-Aggregation2, respectively.

Verifying the configuration

Verifying the configuration on Switch A

1.      Display information for VSAN 100:

# Display the domain information of VSAN 100.

[SwitchA] display fc domain vsan 100

Domain Information of VSAN 100:

 

    Running time information:

        State: Stable

        Switch WWN: 48:33:43:2d:46:43:1A:1A

        Fabric name: 48:33:43:2d:46:43:1C:1C

        Priority: 128

        Domain ID: 2

    Configuration information:

        Domain configure: Enabled

        Domain auto-reconfigure: Disabled

        Fabric name: 48:33:43:2d:46:43:1A:1A

        Priority: 128

        Domain ID: 2 (preferred)

    Principal switch running time information:

        Priority: 1

 

    Path          Interface

    Upstream      Vfc10

The output shows that the domain configuration is complete on Switch A, and the principal switch assigns domain ID 2 to Switch A.

# Display the domain list of VSAN 100.

[SwitchA] display fc domain-list vsan 100

Domain list of VSAN 100:

  Number of domains: 2

 

  Domain ID      WWN

  0x01(1)        48:33:43:2d:46:43:1C:1C [Principal]

  0x02(2)        48:33:43:2d:46:43:1A:1A [Local]

The output shows that Switch C is elected as the principal switch, and the principal switch assigns domain ID 1 to itself.

# Display the routing table information for VSAN 100.

[SwitchA] display fc routing-table vsan 100

Routing Table: VSAN 100

  Destinations : 5          Routes : 5

  Destination/mask   Protocol   Preference   Cost     Interface

  0x010000/8         FSPF       20           100      Vfc10

  0xfffc01/24        DIRECT     0            0        InLoop0

  0xfffffa/24        DIRECT     0            0        InLoop0

  0xfffffc/24        DIRECT     0            0        InLoop0

  0xfffffd/24        DIRECT     0            0        InLoop0

The output shows that an FSPF route from Switch A to Switch C exists, with the outgoing interface VFC 10.

# Display the node login information for VSAN 100.

[SwitchA] display fc login vsan 100

Interface VSAN FCID     Node WWN                Port WWN

Vfc1      100  0x020000 21:01:00:1b:32:a0:fa:12 21:01:00:1b:32:a0:fa:11

# Display the brief information about the name server database in VSAN 100.

[SwitchA] display fc name-service database vsan 100

VSAN 100:

  FCID     Type               PWWN(vendor)                      FC4-type:feature

  0x010000 0x01(N)            10:00:00:05:30:00:25:a3           SCSI-FCP:Target

  0x020000 0x01(N)            21:01:00:1b:32:a0:fa:11           SCSI-FCP:Initiator

2.      Display information for VSAN 200:

# Display the domain information of VSAN 200.

[SwitchA] display fc domain vsan 200

Domain Information of VSAN 200:

 

    Running time information:

        State: Stable

        Switch WWN: 48:33:43:2d:46:43:1B:1B

        Fabric name: 48:33:43:2d:46:43:1D:1D

        Priority: 128

        Domain ID: 2

    Configuration information:

        Domain configure: Enabled

        Domain auto-reconfigure: Disabled

        Fabric name: 48:33:43:2d:46:43:1B:1B

        Priority: 128

        Domain ID: 2 (preferred)

    Principal switch running time information:

        Priority: 1

 

    Path          Interface

    Upstream      Vfc11

The output shows that the domain configuration is complete on Switch A, and the principal switch assigns domain ID 2 to Switch A.

# Display the domain list of VSAN 200.

[SwitchA] display fc domain-list vsan 200

Domain list of VSAN 200:

  Number of domains: 2

 

  Domain ID      WWN

  0x01(1)        48:33:43:2d:46:43:1D:1D [Principal]

  0x02(2)        48:33:43:2d:46:43:1B:1B [Local]

The output shows that Switch D is elected as the principal switch, and the principal switch assigns domain ID 1 to itself.

# Display the routing table information for VSAN 200.

[SwitchA] display fc routing-table vsan 200

Routing Table: VSAN 200

  Destinations : 5          Routes : 5

  Destination/mask   Protocol   Preference   Cost     Interface

  0x010000/8         FSPF       20           100      Vfc10

  0xfffc01/24        DIRECT     0            0        InLoop0

  0xfffffa/24        DIRECT     0            0        InLoop0

  0xfffffc/24        DIRECT     0            0        InLoop0

  0xfffffd/24        DIRECT     0            0        InLoop0

The output shows that an FSPF route from Switch A to Switch C exists, with the outgoing interface VFC 10.

# Display the node login information for VSAN 200.

[SwitchA] display fc login vsan 200

Interface VSAN FCID     Node WWN                Port WWN

Vfc1      200  0x020000 21:01:00:1b:32:a0:fa:12 21:01:00:1b:32:a0:fa:13

# Display the brief information about the name server database in VSAN 200.

[SwitchA] display fc name-service database vsan 200

VSAN 200:

  FCID     Type               PWWN(vendor)                      FC4-type:feature

  0x010000 0x01(N)            10:00:00:05:30:00:25:a5           SCSI-FCP:Target

  0x020000 0x01(N)            21:01:00:1b:32:a0:fa:13           SCSI-FCP:Initiator

Verifying the configuration on Switch C

# Display the node login information for VSAN 100.

[SwitchC] display fc login vsan 100

Interface VSAN FCID     Node WWN                Port WWN

Vfc1      100  0x010000 10:00:00:05:30:00:25:a4 10:00:00:05:30:00:25:a3

Verifying the configuration on Switch D

Verify the configuration Switch D in the same way you verify the configuration on Switch C.

 


Appendixes

Appendix A Fabric address assignment

Table 10 Fabric address assignment

FC_ID

Description

0x000000

Undefined (when an N_Port uses FLOGI to request for an address, an all-zero FC ID is used).

0x000001–0x00FFFF

Reserved.

0x010000–0xEFFFFF

N_Port address.

0xF00000–0xFFF9FF

Reserved.

0xFFFA00–0xFFFA0F

Reserved for internal loopback.

0xFFFA10–0xFFFA1F

Reserved for external loopback.

0xFFFA20–0xFFFAFF

Reserved.

0xFFFB00–0xFFFBFF

Reserved for multicast.

0xFFFC00

Reserved.

0xFFFC01–0xFFFCEF

Domain controller addresses.

0xFFFCF0–0xFFFFEF

Reserved.

0xFFFFF0–0xFFFFFC

Well-known addresses.

0xFFFFFD

Fabric controller address, representing all E_Ports.

0xFFFFFE

F_Port controller address, representing all F_Ports.

0xFFFFFF

Broadcast address.

 

Appendix B Well-known fabric addresses

Table 11 Purposes of well-known fabric addresses

FC_ID

Description

0xFFFFF0

N_Port controller, representing all N_Ports.

0xFFFFF1–0xFFFFF3

Reserved.

0xFFFFF4

Event services.

0xFFFFF5

Multicast server.

0xFFFFF6

Clock synchronization services.

0xFFFFF7

Security key distribution services.

0xFFFFF8

Alias services.

0xFFFFF9

Reserved.

0xFFFFFA

Management services.

0xFFFFFB

Time services.

0xFFFFFC

Path services (name services).

 

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网